Network+
Bluetooth
2.4GHz 3Mbps 100m @ 100mW 10m @ 2.5mW
SMTP
Simple Mail Transfer Protocol TCP port 25 Secure port 587 responsible for the transmission of email between servers and for sending email from a client
SNMP
Simple Network Management Protocol Port 161 - manager sends data to agent Port 162 - agent traps sent to manager used to monitor and configure network nodes such as Printers, hosts, routers, and servers to name a few using a network manager
throughput
actual amount of data that passes through a network over a given period of time
SLAAC
(StateLess Address Auto Configuration) The preferred method of assigning IP addresses in an IPv6 network. SLAAC devices send the router a request for the network prefix, and the device uses the prefix and its own MAC address to create an IP address. After the IP is computed, it checks to see if a duplicate IP was previously created. DHCP Is Used If SLAAC Is Not SupportedIf the router does not implement SLAAC and no network prefix is received, the device sends a request to the DHCPv6 server, which responds with an IP address similar to the DHCP in IPv4.
Virtual switch
A virtual switch is a software program that allows one virtual machine (VM) to communicate with another.
Class C Subnets
/25 = 255.255.255.128 /26 = 255.255.255.192 /27 = 255.255.255.224 /28 = 255.255.255.240 /29 = 255.255.255.248 /30 = 255.255.255.252
DTE vs DCE
1. Data Terminal Equipment (DTE) :It includes any unit that functions either as a source of or as a destination for binary digital data. At physical layer, it can be a terminal, microcomputer, computer, printer, fax, machine or any other device that generates or consumes digital data. DTEs do not often communicate information but need an intermediary to be able to communicate. 2. Data Circuit Terminating Equipment (DCE) :It includes any functional unit that transmit or receives data in form of an analog or digital signal through a network. At physical layer, a DCE takes data generated by a DTE, converts them to an appropriate signal, and then introduces signal onto telecommunication link. Commonly used DCEs at this layer include modems. In any network, a DTE generates digital data and passes them to a DCE. DCE converts that data to a form acceptable to transmission medium and sends converted signal to another DCE on network. The second DCE takes signal off line, converts it to a form usuable by its DTE, and delivers it.
Ethernet deployment standards
100BaseT is deployed over CAT5 (or better) cabling using RJ-45 connectors terminated to the TIA-568A or TIA-568B standard. This is called Fast Ethernet and supports speeds up to 100Mbps. 1000BaseT is deployed over CAT5 (or better) cabling using RJ-45 connectors terminated to the TIA-568A or TIA-568B standard. This is called Gigabit Ethernet and supports speeds up to 1Gbps. 1000BaseLX uses SMF or MMF fiber connections and is comparable to Gigabit Ethernet. Termination will be based on fiber type and wavelength. 1000BaseSX uses different modulation techniques over MMF and has a shorter range. Termination will be based on fiber type and wavelength. 10GBaseT is deployed over CAT6a (or better) cabling using RJ-45 connectors terminated to the TIA-568A or TIA-568B standard. This is called 10-GigabitEthernet and supports speeds up to 10Gbps.
1G
1G is the first generation "cellphone". 1G devices used analog communications and were quite slow and cumbersome by today's standards.
Class A subnets
255.128.0.0 /9 255.192.0.0 /10 255.224.0.0 /11 255.240.0.0 /12 255.248.0.0 /13 255.252.0.0 /14 255.254.0.0 /15
Class b subnets
255.255.128.0 /17 255.255.192.0 /18 255.255.224.0 /19 255.255.240.0 /20 255.255.248.0 /21 255.255.252.0 /22 255.255.254.0 /23
2G
2G is the second generation where digital transmission was adopted. Along with voice data, 2G supported media and text downloads at 240 Kbps. Also in this generation, GSM was introduced for voice data only.
3G
3G is the third generation and brought with its rates of 384 Kbps and packet switching for data.
4G
4G is the fourth generation cellular technology. This generation provides an IP packet switched network that can provide up to 1 Gbps to a stationary or low speed (walking) device. Once your device is moving faster, the data rates decrease. For example on the highway, your device's data rate might only be in the 100 Mbps range. Regardless, you will still reap the benefits of IP based packet switching for voice and data.
2.4GHz
802.11b/g/n Wi-Fi devices all operate in the 2.4 GHz range which is from 2.4 GHz to 2.4835 GHz. In the U.S., Wi-Fi designates 11 channels for use within the 2.4 GHz range that are each 22 MHz wide. Overseas, 14 channels are defined. In order for your device to operate smoothly, please choose a non-overlapping channel. Channel bandwidth shortly will be discussed shortly. Since 2.4 GHz is an unallocated, unlicensed band free for any purpose, many device manufacturers use this band. Wi-Fi routers, some cordless telephones, and Bluetooth all operate on this frequency, creating the opportunity for interference between devices. Even your microwave oven generates signals at the upper end of the 2.4 GHz range! As you can see, the 2.4 GHz range is quite crowded. However, cell phones and AM radio signals do not operate on this range.
802.1X
802.1X is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. The RADIUS server is able to do this by communicating with the organization's directory, typically over the LDAP or SAML protocol.
Subnet classes
A - 255.0.0.0 B - 255.255.0.0 C - 255.255.255.0
Private IP spaces
A 10.0.0.0 - 10.255.255.255 B 172.16.0.0 - 172.31.255.255 C 192.168.0.0 - 192.168.255.255
IP classes
A = 1-126 127 = loopback B = 128-191 C = 192-223 D = 224-239 (multicasting) E = 240-255 (experimental)
DDoS
A DDoS (Distributed DoS) attack is much more sophisticated than a simple DoS attack. This attack infects hosts with malware and turns them into an army of bots or zombies. The infected machines are controlled by the attacker, unknowing to the user. The users unwittingly become a part of this coordinated attack.
Pools
A DHCP server can be configured to assign addresses from a pre-defined range. This is known as the DHCP scope or DHCP pool.
DoS
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.
Key fob
A Key fob is easily recognizable to anyone with remote locks on their vehicle. This device is used to allow access to secure areas. However, it is not as easy as pushing a button. The key fob and door are time-synchronized and use a random sequence in order to permit access.
LAN
A Local Area Network (LAN) typically consists of several network nodes or devices where each node can connect to other nodes directly through a switch. LANs can be a small as an office or cover an entire building using multiple switches and routers.
Light meter
A cable performance tester with fiber optic capability will contain a light meter to measure the state of the fiber connection
SAN
A Storage Area Network (SAN) describes a network made up of block-level storage devices providing high throughput connections for storage devices, disk arrays, and tape storage. The servers consider all devices as one object, enhancing the access speed of data. The SAN uses controllers connected to Fibre Channel (FC) or Fibre Channel over Ethernet (FCoE) switches.
TXT
A Text (TXT) record is used to provide freely formatted text to network administrators regarding any network related issues or comments. Today, two of the most important uses for DNS TXT records are email spam prevention and domain ownership verification, although TXT records were not designed for these uses originally. This record is also referenced by validation and authentication systems such as: SPF - The Sender Provider framework (SPF) is a TXT file and part of the DNS zone file. It validates the email servers allowed to send email. DKIM - DomainKeys Identified Mail (DKIM) is an encryption-based authentication method that validates the domain name of emails.
WLAN
A Wireless LAN (WLAN) describes the wireless topology of a small office or home office.
Incorrect pin-out
A cable tester can detect improperly terminated cables.
Bridge
A bridge is a Layer 2 device that can be used to connect dissimilar network topologies like wireless to Ethernet. or to segment a large network into smaller ones to reduce traffic and collisions. The bridge uses MAC addresses and software to direct network traffic. A bridge is a Layer 2 device.
Broadcast domains
A broadcast domain is a logical division of a computer network, in which all nodes can reach each other by broadcast at the data link layer. A broadcast domain can be within the same LAN segment or it can be bridged to other LAN segments.
Collision domain
A collision domain is a network segment connected by a shared medium or through repeaters where simultaneous data transmissions collide with one another. A network collision occurs when more than one device attempts to send a packet on a network segment at the same time. Members of a collision domain may be involved in collisions with one another. Devices outside the collision domain do not have collisions with those inside.
The relationship between local and cloud resources
A customer's local network will be secure (presumably) and offer the speed benefits of their network without the possibility of third-party access. Backups are fast and easy to restore. The expenses involved in running a local network are the infrastructure and IT staff, which may or may not be sufficient when it comes time to scale. Disaster recovery on the local network requires the support of additional locations, which could lead to a considerable cost. Cloud storage offers greater scalability, user accessibility, and elasticity features when compared to local resources, making cloud storage a good solution. However, cloud storage does have concerns with regards to connectivity, speed, and above all security. Your cloud data is inaccessible if the internet connection is down anywhere between your location and the cloud. Backups can be uploaded every 15 minutes to keep the data current. However, in the event of a failure, the restore time is considerable and resource intensive.
Firewall
A firewall can be a hardware device or software. The hardware device is called a network-based firewall. Firewall software installed on individual devices is called a host-based firewall In a network diagram, the firewall is shown as a device and looks like a brick wall. A standard firewall filters traffic based on the Layer 4 Port and protocol (packet filter). There should always be a firewall between your private network and the internet.
NFC
A form of RFID, Near Field Communication (NFC), has a very short communication distance of 10 cm or less. The most common implementations of NFC are found in Employee ID badges and contactless payment at NFC enabled cash registers. In smartphones, data can be exchanged between two devices by tapping them together. NFC also uses tags that require no power and can be used to store up to 32 KB of data. This could include credit card information or employee identification and login information. The power to the tags is obtained from the contacting device's RF field.
Default gateway
A gateway performs the address translation necessary for your private network to communicate with the public network. A specific address, usually the router, is configured on each host as the default gateway enabling each host to communicate externally while using only the router's external address.
Geo-fencing
A geofence is a virtual perimeter for a real-world geographic area. A geo-fence could be dynamically generated—as in a radius around a point location, or a geo-fence can be a predefined set of boundaries. Many enterprises using WWAN to serve their mobile users use MDM (Mobile Device Management) software in order to secure their mobile assets. The MDM uses the device's GPS in order to determine whether a device is in an approved area. Access is restricted to clear geographic areas.
Transceivers
A good example of the need for a transceiver is when you have a fiber to premise installation. Here the fiber MMF or SMF needs to be converted for use on an Ethernet network. On a large scale, your company will obtain a switch to convert the fiber signals to supply Gigabit Ethernet RJ-45 ports. If the fiber will be run to the desktop the fiber to Ethernet conversion is done with a transceiver. The first transceiver developed for this purpose was the Gigabit interface converter (GBIC) capable of supporting RJ-45 or SC connections. This device is past its prime and newer devices have become more popular. The small form-factor pluggable (SFP) transceiver aka mini GBIC has the same capabilities as the GBIC while taking up less space. Generally used in 1 Gbps connections it is rated up to 5 Gbps. SFP+ evolved and is now capable of 16 Gbps. Quad small form-factor pluggable (QSFP) supports data rates of up to 40 Gbps by using four channels on a single transceiver. This is codified in the IEEE 802.3ba standard.
MAN/CAN
A group of LANs in the same geographic area is considered a MAN (Metropolitan Area Network). This network type can support local government, schools, Police and Fire departments. A CAN (Campus Area Network) also covers a geographical area much the same as a MAN. These are not widely used terms but are testable on the Network+.
Frame relay
A group of Layer 2 protocols were defined in the 1980s as frame relay, a fast packet-switched network for ISDN connections. Frame relay is connection-oriented. It can be used for virtual circuits. Frame relay data is separated into frames of variable length and are relayed from node to node without any processing. A PVC is established by routers and the frames are tagged with a DLCI (data-link connection identifier) to allow routers to quickly forward the packet without inspection.
Honeypot
A honeypot is a security mechanism that creates a virtual trap to lure attackers. An intentionally compromised computer system allows attackers to exploit vulnerabilities so you can study them to improve your security policies.
Hub
A hub is a multiport repeater that sends the data received on one port and sends it to all other ports on the device. This is acceptable on small networks but as networks grew the increased traffic was sent to all ports and prone to collisions A hub operates in half-duplex mode meaning it can not send and receive data simultaneously. Hubs are virtually obsolete largely due to the low cost and improved performance of switches.
Hybrid
A hybrid cloud uses whichever mix of cloud delivery modes is necessary to create a single model. An example of this is an organization that uses the private cloud for data management and storage while using a public cloud for messaging and email.
Dial-up
A legacy network type is Dial-up networking it is the original copper-based analog method of connecting PCs using the Public Switched Telephone Network (PSTN). You may also see this called the Plain Old Telephone System (POTS), the terms are interchangeable and describe circuit-switched point to point connections between devices. Since the system was designed to handle voice (analog) communications, the PC to PC connection required modulation to convert the digital PC signal to analog for transmission. On the receiving end, the signal was demodulated back to digital. The device used for this modulation/demodulation is called a Modem. You can expect connection speeds up to 56kbps.
Load balancer
A load balancer acts as the "traffic cop" sitting in front of your servers and routing client requests across all servers capable of fulfilling those requests in a manner that maximizes speed and capacity utilization and ensures that no one server is overworked, which could degrade performance.
Logic bomb
A logic bomb is malware that has infected a PC but will not execute until a specific date or under certain conditions. Logic bombs are harmless and lie dormant until it has been triggered.
Loopback Plug
A loopback plug can be used to test any port on a PC or router or switch. Now it is used most commonly to test the operation of a physical network interface card port. The device typically uses software to send and receive data thereby validating or invalidating the port.
MIB
A management information base is a database used for managing the entities in a communication network. Most often associated with the Simple Network Management Protocol, the term is also used more generically in contexts such as in OSI/ISO Network management model.
Multilayer switch
A multilayer switch performs the Layer 2 MAC address direction and additionally performs the Layer 3 IP based routing functions. Switching is still performed at Layer 2. Routing takes place at Layer 3.
Bottleneck
A network bottleneck refers to a discrete condition in which data flow is limited by computer or network resources. The flow of data is controlled according to the bandwidth of various system resources. If the system working on a network is delivering a higher volume of data than what is supported by the existing capacity of the network, then a network bottleneck will occur.
Network interface
A network interface can refer to any kind of software interface to networking hardware. For instance, if you have two network cards in your computer, you can control and configure each network interface associated with them individually. A network interface may be associated with a physical device, or it may be a representation of a virtual interface.
IPV6 dual stack
A network that uses both IPv4 and IPv6 is called dual stacked. Dual-stacked packets will not be handled by networks that do not support it. The solution is to tunnel these packets. The best example is the internet which is not completely dual stacked. All IPv6 internet traffic uses tunneling.
NGFW/Layer 7 firewall
A next-generation firewall (NGFW) is a network security device that provides capabilities beyond a traditional, stateful firewall. While a traditional firewall typically provides stateful inspection of incoming and outgoing network traffic, a next-generation firewall includes additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence.
IP address
A numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.
Packet analyzer
A packet analyzer or packet sniffer is a computer program or computer hardware such as a packet capture appliance, that can intercept and log traffic that passes over a computer network or part of a network. Packet capture is the process of intercepting and logging traffic.
Port
A port is an address on a single machine that can be tied to a specific piece of software. It is not a physical interface or location, but it allows your computer to be able to communicate using more than one application.
Port scanner
A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.
Private cloud
A private cloud is hosted by an organization for its own internal use or for its users through remote access over WAN links. When hosted virtually, the scalability and accessibility of the virtual environment offers value. Internal hosting allows the organization to use existing resources which could be considerable.
Virtual router
A router implemented in software in a server rather than a stand-alone, dedicated device.
Proxy server
A proxy server is a device placed between your private network/LAN and the internet. It is designed to handle all internet requests by caching them then sending the request, receiving the response and analyzing it for potential problems. If the response is clean it will be allowed on to the local network host.
Public cloud
A public cloud service is available to any party. The Internet is the best example of this service model and is also the least secure.
Punch down tool
A punch down tool, also called a krone tool, is a hand tool used to connect telecommunications and network wires to a patch panel, punch down block, keystone module, or surface mount box. The "punch down" part of the name comes from punching a wire into place using an impact action. It consists of a handle, a spring mechanism, and a removable slotted blade. When the punch down tool connects a wire, the blade cuts off the excess wire.
Remote access policies
A remote access policy outlines and clearly defines your company's acceptable remote access methods for hosts. Adherence to this policy is crucial for workers connecting over insecure public networks and even home networks.
Router
A router uses IP addresses to direct traffic. When configured properly it can manage traffic between subnets and VLANs. Routers are the backbone of the internet. They can quickly determine the best path between two points and reroute traffic around device failures or congestion. Routers can be configured to permit or deny communication based on the protocol used, IP addressing and port number. Routers use Access Control Lists (ACL)to define traffic behavior.
SAN
A storage area network or storage network is a computer network which provides access to consolidated, block-level data storage. SANs are primarily used to access data storage devices, such as disk arrays and tape libraries from servers so that the devices appear to the operating system as direct-attached storage.
Subnet
A subnetwork or subnet is a logical subdivision of an IP network. The practice of dividing a network into two or more networks is called subnetting. Computers that belong to a subnet are addressed with an identical most-significant bit-group in their IP addresses.
Switch
A switch is a Layer 2 device that can eliminate collisions and speed up traffic. Switches operate in full duplex mode allowing simultaneous send and receive capabilities between each port. In contrast to a hub that transmits data to all ports. The switch uses the Layer 2 MAC address to send the data to only the intended recipients. You may see a switch referred to as a MAC Bridge. There are more switch features that we will look at in the next edition.
VLAN mismatch
A switch will be configured support one preconfigured default VLAN containing all switch ports which cannot be renamed or deleted and additional native VLAN(s) that should be renamed for security. When configuring native VLANS remember that both ends must match the VLAN assignment or a VLAN mismatch will occur.
Switching loop
A switching loop or bridge loop occurs in computer networks when there is more than one Layer 2 (OSI model) path between two endpoints (e.g. multiple connections between two network switches or two ports on the same switch connected to each other). The loop creates broadcast storms as broadcasts and multicasts are forwarded by switches out every port, the switch or switches will repeatedly rebroadcast the broadcast messages flooding the network.
Ethernet
A system for connecting a number of computer systems to form a local area network, with protocols to control the passing of information and to avoid simultaneous transmission by two or more systems.
Insider threat
A user may become dissatisfied with their job and may decide to act maliciously. This is an extremely serious threat. They have extensive knowledge about the organization's infrastructure. A user with high-level rights and permissions can do serious damage.
Virtual firewall
A virtual firewall is an application or a network firewall service that provides packet filtering within a virtualized environment. A virtual firewall manages and controls incoming and outgoing traffic. It works in conjunction with switches and servers similar to a physical firewall.
Virtual NIC
A virtual network interface is an abstract virtualized representation of a computer network interface that may or may not correspond directly to a network interface controller.
Warm site
A warm site can be brought online more quickly than a cold site. The warm site will contain all of the hardware and software. It will be updated regularly, but not necessarily often. The updates to the site may be monthly and any interim restoration will require recent data to be retrieved from backups. This is still quicker than a cold site restoration.
WAP (Wireless Access Point)
A wireless access point (WAP) is capable of receiving wireless signals from multiple nodes and then retransmitting them within its coverage area. It is important that the WAPs are placed effectively and have enough power to perform their function.
Wireless range extender
A wireless range extender works by repeating all wireless signals, thereby extending the effective range of wireless transmissions. These are common in home deployments where the signal does not cover the entire living area. The wireless range extender can be placed strategically to provide the necessary coverage
ACL
ACLs (Access Control Lists) are used to permit or deny specific traffic on the network. Routers, firewalls, and Layer 3 switches can filter traffic based on their configuration. On a router, packets can be passed or dropped based on any or all of the following: - Source IP address - Destination IP address - TCP/UDP port number - Network layer protocol - Transport layer protocol Since a router examines all packets, it can drop any packets that are not permitted by the ACL. The ACL will compare the traffic to its ordered list of permit/deny rules. Each rule will either deny the packet or pass it to the next rule repeating the process. Only packets that are permitted by all rules will be allowed onto the network.
arp
ARP is a program used by a computer system to find another computer's MAC address based on its IP address. Displays arp table
Changing default credentials
After installing a new network device such as a router or a switch, the new device will be set to the manufacturer's default credentials. It is important to change the default credentials as quickly as possible in order to guard against unauthorized access.
Event management
All actions on your network are logged. The log files can be analyzed individually, or they can be displayed graphically in a SIEM (System Information and Event Management) program. Notifications can be issued by the SIEM as an alert and sent to the IT staff for investigation. Our example demonstrates a vulnerability scan on an unpatched OS.
EMI
All electrical devices generate electromagnetic interference (EMI) to some degree. Our networks can usually mitigate this interference with a strong signal. Problems occur when our network cabling is too close to powerful electrical devices like generators and motors. Also consider the proximity of cabling to power lines, fluorescent lights, and microwave ovens. Use STP cable or reroute the cable to eliminate/reduce the impact.
Device hardening
All network devices come configured with default settings. Be sure that none of the network devices are using the default settings. The items covered in the test objectives are presented here.
Locks
All of the prevention methods listed above control locks. Access to a locked area can be as simple as a physical key or as complicated as a biometric lock. It is important to realize that multiple prevention methods can be combined, creating multi-factor authentication which will be described in the following posts.
Licensing restrictions
All software is covered by a licensing agreement that you must accept before installation. This agreement contains information on your right to use the software and what information the software collects.
Packet sniffer
Also known as a Protocol analyzer, this tool allows you to view each frame traversing on your network. The source, destination, protocol and related statistical information. Protocol analyzers can be hardware or software.
WPA-PSK / WPA-Personal
Also referred to as WPA-PSK (pre-shared key) mode, this is designed for home and small office networks and doesn't require an authentication server. Each wireless network device encrypts the network traffic by deriving its 128-bit encryption key from a 256-bit shared key. This key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters. If ASCII characters are used, the 256-bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1. WPA-Personal mode is available with both WPA and WPA2.
802.11g
Also used the 2.4 GHz band making 802.11g a reasonable upgrade path from 802.11b which was widely installed. The main advantages of 802.11g were the throughput (54 Mbps) and that 802.11g supported 802.11b transmissions.
Amplified DRDoS
Amplified DRDoS attacks optimize the attack by sending simple requests that require larger responses from the target. This floods the targets with requests that require more resources to respond, amplifying the effectiveness of the DRDoS attack.
AUP
An Acceptable Use Policy (AUP) is where the company defines what and what is not acceptable use of company resources. You will sign and consent to this policy which is legally binding.
Signature management
An IDS (Intrusion Detection System) is a software program or device that detects network anomalies and sends an alert. The IDS detects statistical anomalies by comparing a network sample to a stored baseline. The IDS can also use identifiable code signatures in order to detect patterns from known malicious code and send an alert. The code signatures must be checked regularly. The effectiveness of the device depends on having its signatures up-to-date. This update is known as signature management. Generally, a network will also have an IPS (Intrusion Prevention System) which follows the same principles of detection as the IDS. The IPS also has the added capability of blocking suspicious traffic.
IDS/IPS
An Intrusion Detection System (IDS) is a device that monitors network traffic for exploits and other malicious traffic. When suspicious activity is detected the IDS will issue an alarm. It does not have the capability to block the suspected traffic. This is where an Intrusion Prevention System (IPS) will become more useful. An IPS can block suspicious traffic before it reaches the network.
OTDR
An Optical Time Domain Reflectometer (OTDR) is an important instrument used by organizations to certify the performance of new fiber optics links and detect problems with existing fiber links. An OTDR (optical time domain reflectometer) transmits a signal and analyzes the reflected signal. It can measure the length of the cable and measure the power of the light signal. The OTDR can accurately detect the distance to optical flaws in the path like bad connections and bends or kinks.
War-driving
An amazingly effective security threat is called war driving. In this case, the hacker simply drives around looking for unprotected wireless networks. There is an astonishing number of access points broadcasting their SSID that is setup using the default password. Once an open access point is discovered, the hacker can attempt to penetrate the network or just scan the traffic to attempt an exploit.
Cable tester
An indispensable tool for network diagnostics your cable tester can diagnose wiring problems from broken/cut cables, loose wires to crossed pairs. Less expensive than a network Multimeter, this tester is often all you need to fix a connectivity issue. Place the Master on one end of the suspect cable and the Remote on the other end. The light display will show each wire sequentially. Any sequence problems can be usually be attributed to a crossover cable in the line, Find that and replace with T-568A or T-568B depending on the installation.
Open/short circuit
An open circuit is one that is damaged or is not physically connected. A short circuit occurs when two exposed cables touch creating a useless and possibly harmful circuit. A multimeter or a cable continuity tester can help you quickly diagnose these conditions. If the problem is inside the cable sheath you can use a TDR to locate the problem.
ISDN
Another legacy copper-based technology, ISDN uses the PSTN for its connections breaking the transmission into two channel types, the circuit-switched B channel which carried voice data and video, and the packet-switched D channel which carried connection information like initiation and termination, conference calling and caller ID. In its basic configuration, an ISDN connection supported two B channels and one D channel. This is known as the BRI (Basic Rate Interface). Multiple B channels are supported but only a single D channel. Of the two B channels provided in BRI, they can be combined to provide 128 kbps for data, when the telephone is used one of the B channels is allocated to carry the voice signal. In the configuration known as PRI (Primary Rate Interface) Up to 23 B channels of 64kbps each are supported with one 64kbp D channel. ISDN signals have a limited range before a repeater is needed.
IP exclusions
Another way to guarantee that a host is consistently available is to statically assign an IP address to it. In order to prevent the address from being assigned in the DHCP environment, an IP exclusion can be configured on the DHCP server.
Certificates
Certificates are used to authenticate users. In Certificate-Based Authentication, an authentication request is sent that contains the user's public key that is then used to validate its authenticity.
Fault tolerance
Fault tolerance is the property that enables a system to continue operating properly in the event of the failure of some of its components.
CIDR notation (IPv4 vs. IPv6)
IPv6 Networks differ substantially from IPv4 as they are classless, do not use subnet masks and a single subnet can support 18,446,744,073,709,551,616 on a Residential - /64 network.
VoIP gateway
In companies the use VoIP telephone systems aka telephony, a VoIP gateway is installed to convert the analog VoIP signal to digital IP packets for delivery to the recipient.
tracert/traceroute
In computing, traceroute and tracert are computer network diagnostic commands for displaying possible routes and measuring transit delays of packets across an Internet Protocol network.
BYOD
Bring your own device (BYOD) is the method of allowing employees to bring their own personal devices into the workplace. The permissions for these devices will be determined by the On-boarding / off-boarding section described above.
CSMA/CA
CSMA collision avoidance wireless a network multiple access method in which carrier sensing is used, but nodes attempt to avoid collisions by beginning transmission only after the channel is sensed to be "idle". When they do transmit, nodes transmit their packet data in its entirety.
VDSL (Variable DSL)
This will be your fastest DSL implementation. You may see it called "very high bit rate" DSL. This is an asymmetric method with upload speeds approaching 50-60 Mbps. This again is relative to the distance to your CO.
CSMA/CD
CSMA collision detection wired It uses carrier-sensing to defer transmissions until no other stations are transmitting. This is used in combination with collision detection in which a transmitting station detects collisions by sensing transmissions from other stations while it is transmitting a frame. When this collision condition is detected, the station stops transmitting that frame, transmits a jam signal, and then waits for a random time interval before trying to resend the frame
ATM
Asynchronous Transfer Mode (ATM) is considered Layer 2 WAN technology. Its protocols can extend to Layers 1 and Layer 3. It can employ multiplexing techniques and network access. Since it is asynchronous it is not bound to the timing restrictions of SONET and can transmit data randomly as needed. ATM uses a fixed size 53-byte cell to transmit data. This cell consists of 48-bytes of data plus a 5-byte header and provides predictable efficient network communication. ATM uses virtual circuits using the optimal path determined before the transmission.
Network
Any collection of independent computers that exchange information with each other over a shared communication medium.
Attenuation
As a signal travels away from its transmission point it becomes weaker. This condition impacts wired and wireless signals. In addition to distance, factors like noise and cable imperfections contribute to attenuation. On the network switches and repeaters refresh the signal to its original strength before passing it along.
Avoiding common passwords
As we noted, Network devices are usually configured with default credentials during their initial use. Search for "Common router default passwords" online and you will find several webpages that list the default username and password for your specific network device's brand and model. Immediately change any default login credentials.
Asset tracking
Asset tracking tags are placed on all valuable assets owned by the company. This serves several purposes. The tag is linked to a database of assets and uses the object's type, make, model, acquisition date, and current location. The tag is usually a barcode but can also be an RFID tag. These tags are used to identify the object for depreciation, routine maintenance, or security.
Authentication and authorization
Authentication on WPA2-Enterprise networks very often use RADIUS servers and the EAP (Extensible Authentication Protocol). EAP is supported by modern operating systems and can be used with physical authentication methods. EAP-TLS uses the public key infrastructure with TLS encryption. EAP-TLS is Certificate based. PEAP (Protected PEAP) and EAP-FAST (EAP-Flexible Authentication via Secure Tunneling) both create secure tunnels between the endpoints. PEAP creates an outer tunnel before beginning the normal EAP process. This creates an inner tunnel to be used for data.
AAA/RADIUS server
Authentication, authorization, and accounting (AAA) is the method of controlling user access to resources and tracking their activity on an IP network. Remote Authentication Dial-In User Service (RADIUS) uses a centralized server to enforce the AAA controls. RADIUS is often deployed on a dedicated server, but it can also run as software on a remote access server.
AAA
Authentication: Who are you? Can you provide the correct credentials for access to the network? Authorization: What are you allowed to do? Here, the user's authorization to access resources, perform tasks, or execute commands is verified. Accounting: When did you attempt to access and what did you do? Accounting logs the users' activity and retains the log for auditing.
APIPA
Automatic Private IP Addressing (APIPA) is an addressing method used when a DHCP client is unable to obtain a lease from the server. APIPA takes over and assigns addresses in the 169.254.0.1 to 169.254.255.255 IP range. This configuration will remain in place until a DHCP server is located.
Hybrid
BGP The Border Gateway Protocol is considered a hybrid protocol in the CompTIA objectives as it employs elements of both Link-state and distance-vector protocols. Technically it is classified as an advanced protocol.
ipconfig/ifconfig
display network interface info
Bluetooth
Based on the IEEE 802.15.1 specifications Bluetooth is a technology commonly used to connect mobile devices. Bluetooth is commonly integrated into new PCs and accessories are readily available. Bluetooth is a proximity-based technology. That proximity is directly related to the power class of the devices. There are three Bluetooth power classes.
MIMO/MU-MIMO+
Beginning with 802.11n, Multiple Input- Multiple Output (MIMO) allows more than one antenna to be used on clients and access points, allowing devices to transmit and receive simultaneously. Previously in 802.11g, multiple antennas took turns processing the data. With 802.11ac technology, it became possible to combine multiple client communications. This is called Multiuser MIMO (MU-MIMO). Optimal throughput can only be realized when both the client and access point support this feature.
Biometrics
Biometrics uses a person's unique physical characteristics to authenticate them. This could be as simple as a fingerprint or hand scan and as complex as a retinal scan. The scanned results are compared to the stored biometric data for authentication. While this method is more expensive to implement and maintain, it possesses a very high accuracy level.
PAN
Bluetooth users will be familiar with the PAN (Personal Area Network). A pan can be considered the smallest network topology a piconet) because it is centered by a personal object's workspace. A PAN can consist of a pair of devices like your smartphone and PC as well as the smartphone connecting to your vehicle. Since the connection is based on a master/slave hierarchy the smartphone, as a master, can support up to seven slave devices
Privileged user account
By default, privileged user accounts have the highest level of permission. These accounts have specific guidelines for use. The privileged user account should only be used when necessary and should be protected by complex passwords. A lower-level user account should be used for regular tasks. These lower-level accounts can be created and modified to suit the user's tasks. It is possible to configure the privileged user account to only be available from a certain location or for a specific duration. Since these privileged user accounts are so powerful, they receive a high level of monitoring and scrutiny.
copper cable standards
CAT3 - Used in the early days, twisted pair implementations of this type use up to six wires or conductors. The most common use of CAT3 is the telephone which uses two pairs for each phone connection. This means the cable itself can support two phone lines. Cat3 uses RJ-11 connectors. CAT5 - Getting harder to find and no longer installed, this cable rating uses four pairs and can support up to 100Mbps transmission speeds with a maximum cable length of 100 meters (328 feet). You can get higher speeds in real-world applications. Cat5 uses RJ-45 connectors. CAT5e - This cable is known as CAT5 Enhanced where the enhancement refers to reduced crosstalk. This doesn't sound like a big deal until you look at the speed improvement. How does 10 times faster sound? CAT5e supports gigabit ethernet (1000Mbps)! This can be attributed to a stricter attention to the number of twists per inch in the pairs. Remember, your hardware has to support the speed. It's not a magic cable. CAT5e supports 1Gbps with a maximum cable length of 90 meters (295 feet). Cat5e uses RJ-45 connectors. CAT6 - OK now we're cooking! CAT6 supports 10Gbps at a frequency of 250 Mhz. These speeds can be attributed to a further reduction in crosstalk. While maintaining the same external RJ-45 form, the connector and cable are engineered to further isolate the cables from each other, resulting in the higher throughput. The wires are arranged in the connector to allow a slight, yet significant separation compared with CAT5 wires, which run straight, horizontal, and adjacent to each other. As you know, parallel cables will practically guarantee crosstalk. The maximum length for a CAT6 is 90 meters with an additional 10 meters for a patch cable. Cat6 uses RJ-45 connectors. CAT6e - This enhancement doubles the transmission frequency to 500 MHz and restores the traditional segment length to 100 meters (328 feet). This is technically not a standard but CAT6e is widely recognized and observed. Cat6e uses RJ-45 connectors. CAT7 - This performance standard increases the transmission frequency to 600 MHz and provides a more reliable and durable cable than its predecessors. CAT7 wraps the entire insulated pair with an additional layer, wrapping the whole cable bundle to provide an additional layer of shielding. Cat7 uses RJ-45 connectors.
Cable broadband
Cable companies have been promoting internet services since the late 1990s. Cable broadband uses the coaxial copper wiring used to carry TV signals inserts a cable modem to use the available bandwidth for internet access. This is an asymmetrical connection that can support downloads of up to 10 Gbps with the latest modems. This is a viable competitor to fiber-optic internet service providers with even the cable companies using fiber-optic backbones to provide more throughput. This implementation is called HFC (hybrid fiber-coaxial). -An enviable cable broadband speed result is shown below.
Damaged cables
Cables that are run through walls or overhead are not usually subject to damage. However, you will find some cabling run under a floor mat or rug. This subjects the cable to foot traffic that can eventually damage the cable. Some cables can be pinched between the desk and a wall which will cause damage over time.
Captive portal is generally configured in order to provide the Wi-Fi Guest account settings for a network. The user is brought to a log on page that will usually require consent to the terms of use and connection related information such as privacy and security.
Captive portal is generally configured in order to provide the Wi-Fi Guest account settings for a network. The user is brought to a log on page that will usually require consent to the terms of use and connection related information such as privacy and security.
CSMA
Carrier = shared media Sense = node can listen and detect Multiple access = every node has equal right to shared media
Circuit-switched networks
Circuit-switched networks are easy to relate to. Compare this type of switching to that of a telephone call. The first party attempts to connect, the second party accepts the connection establishing a circuit. All data on the circuit will use the same path. This circuit will be used only by the two parties and will remain connected until one of the parties disconnects. This is simple and direct.
Class A
Class A = big networks = 126 host = 16,777,214 range 1-126 network numbers 1.0.0.0 to 126.0.0.0
Class B
Class B = medium networks = 16,384 host = 65,534 range 128-191 network numbers 128.0.0.0 to 191.255.0.0
Class C
Class C = small networks = 2,097,152 host = 254 range 192-223 network numbers 192.0.0.0 to 223.255.255.0
CoS
Class of Service (CoS) is another QoS method that operates at OSI Layer 2. CoS improves the routing and switching of Ethernet frames between VLANs. Tagged frames are prioritized using eight priority levels (0 - 7). The level is assigned to the frame in a three-bit field in the header. The field is called the Priority Code Point (PCP).
Classful
Classful addressing is the simplest form of subnetting as it uses whole octets to identify the Network ID. IPv4 addresses are assigned to Classes A, B, C, D, and E as you will see Class D and E networks are reserved.
Classless
Classless addressing differs from Classful addressing because it allows the subnet mask to use bits from the preceding octet(s) to increase or decrease the bits used for the Network ID and Host ID respectively. CIDR (Classless Interdomain Routing) - Since you really need the subnet mask to determine the number of bits in the Network and Host IDs a shorthand method was created to allow you to determine the number of bits used for the network ID using slash (/) notation. CIDR notation takes the host IP address and follows it with a slash and number like /24
CIDR
Classless inter-domain routing
Security implications/ considerations
Cloud security has several implications that could expose otherwise private data. Consider the cloud provider's security and the security of the backups. Your stored data could be accessed by unauthorized parties or even authorized parties who disregard the confidentiality of the data. As a result, your cloud must adhere to the Government regulations regarding security, for example, HIPAA and financial security. Also, consider what happens to your data if your agreement lapses. In order to protect your data, please consider performing the following: A) Always get the most securely structured SLA (service-level agreement) from the cloud provider B) Ensure that your link to the provider is equally secure. C) Last but not least, use strong encryption.
Cloud service levels
Cloud service levels are defined by the amount of responsibility assigned to a given service level as compared to a traditional network using virtualization. As a reference, a traditional network bears 100% of the responsibility for the workspace, hardware, virtual infrastructure, OS platform, and application software. The cloud vendor can provide varying levels of service based on the customer's needs.
Copper cable
Coaxial cable is considered a legacy network cable, but you will still find it in cable TV installations. For networks, it has been replaced by twisted pair and fiberoptic cables. Knowledge of the Coaxial cable and connectors is still required by the CompTIA Network+ objectives. So know the copper cables and their connectors.
CDMA
Code Division Multiple Access (CDMA) is the second competing technology used for cellular communications. CDMA communications exchange data using spread spectrum technology, the use of varying frequencies and intervals, as defined by the code, to send the transmissions. The multitude of available frequency codes improves privacy since the transmitting and receiving device must follow the same pattern. CDMA devices cannot be unlocked from their carrier as easily as GSM devices.
UTP/STP
Compare the Unshielded Twisted Pair (UTP) cable to the Shielded Twisted Pair (STP) cable. The difference between the two cable types is in the internal construction of the cable, specifically the amount of insulation or shielding surrounding each internal cable pair. Each internal pair is twisted using a specified number of twists per inch. This reduces the possibility of the pairs being parallel to each other and prevents crosstalk.
PTR
Consider the Pointer (PTR) record is the opposite of an A record. It supports reverse lookups by providing the IP address-to-hostname information in a reverse lookup zone file (reverse zone). This format is essentially an A record with a reversed IP address listed first followed by the hostname. This differs from a forward lookup zone file (forward zone) in which the A record is used to find the host using the hostname.
Ring topology
Considered a legacy topology the ring topology is a continuous ring of connections where each node is connected to the nodes directly adjacent to it. Data is passed from each node to the next, in a circular pattern. A node can only transmit to the next node on the ring. Token ring is the method using a token that is passed from one node to the next. While a node has the token it can pass it to the next node. It can also receive and replace the data if it is the destination of the token.
DHCPV6
DHCPv6 handles dynamic address assignment much the same way DHCPv4 does with the exception of the ports used. DHCPv6 listens on port 546 and responds on port 547. The IPv6 process is known as autoconfiguration and assigns addresses using FE80::/64 as the first 64 bits. The host portion of the address can be assigned randomly or it can use the EUI-64 method
Data loss prevention
DLP (data loss prevention) is a risk mitigation technique that prevents network data classified as sensitive from being downloaded, transmitted or copied.
DNS poisoning and ARP poisoning
DNS poisoning, or DNS spoofing, attacks DNS servers by changing a webserver's DNS record, redirecting legitimate traffic to a spoofed or compromised server. This enables the hacker to gather all the data intended for the legitimate server. The DNS system constantly updates other servers with its records so the poisoned address can spread quickly. ARP poisoning works in much the same way, however the ARP tables are attacked, changing the IP address and MAC address information stored on them.
DNS Hierarchy
DNS root servers are shown as a dot at the top. The top-level domain (TLD) servers are labeled as .com, .org, .edu, etc. or by the country code (ccTLD) .us, .uk, or .jp to name a few. The second-level domain servers (SLD) are directly below their TLDs in this hierarchy. These are the domains assignable by domain registrars. Third-level domains are subdomains of SLDs.
DSL
DSL (Digital Subscriber Line) is another copper-based connection method capable of using the PSTN to support multiple voice and data channels. DSL can support multiple channels of voice and data at very high speeds. In a best-case scenario, it can be comparable to T1 or cable broadband connections. Your DSL throughput is dependent on your proximity to your telephone company's Central Office (CO). The DSL signal suffers range limitations like ISDN. As a rule, the closer you are to the CO the greater your throughput. There are several varieties of DSL they are referred to collectively as xDSL with x being the variable.
RFID
Data is stored electromagnetically on an RFID (Radio Frequency Identification) tag. The tag can be active (battery powered) transmitting at regular intervals or passive obtaining the power to transmit from a tag reader. RFID tags are a highly efficient inventory control tool. They can be used to select items to ship and calculate the remaining inventory.
DTLS
Datagram Transport Layer Security (DTLS) is a communications protocol that provides security for datagram-based applications by allowing them to communicate in a way that is designed[1][2] to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees.
Default route
Default routing is a variant of static routing. A normal static route specifies communication between two known networks. A default route is configured to send packets destined to any unknown destination to the next hop address.
Screened subnet
Demilitarized zone (DMZ) A screened subnet (also known as a "triple-homed firewall") is a network architecture that uses a single firewall with three network interfaces. -Interface 1 is the public interface and connects to the Internet. -Interface 2 connects to a DMZ (demilitarized zone) to which hosted public services are attached. -Interface 3 connects to an intranet for access to and from internal networks. The purpose of a screened subnet or DMZ is to establish a network with heightened security that is situated between an external and presumed hostile network, such as the Internet or an extranet, and an internal network.
Channel bandwith
Depending on the wireless standard used, the designated frequency range is divided into channels. Ideally, these channels will not overlap each other to prevent interference. However, this is not the case. Channels have a bandwidth of 22MHz. As a result, channels 1, 6, and 11 are commonly used to avoid overlap. These non-overlapping channels are 5MHz apart from the next closest non-overlapping channel.
DiffServ
Differentiated Services (DiffServ) works at OSI Layer 3 to examine all traffic and prioritize time-sensitive packets like voice and video. DiffServ modifies the DiffServ field in an IPv4 packet or the Traffic Class field in an IPv6 packet. This information tells routers how to handle the packets.
Disabling unnecessary
Disabling unnecessary services is an essential method in order to prevent random attacks. By default, an OS installs all of the services it predicts the PC will run. An average user will probably not use many of them. However, these services will remain open and accessible until they are disabled.
DNS
Domain Name System Port 53 Ties a domain name to an IP address and allows you to access sites by name in your browser.
Jitter
During network communication, the sequence of the packets can be delayed and arrive out of sequence. This is called jitter or PDV (packet delay variation). The signal path and latency both contribute to jitter. Typically jitter only causes slight delays in normal network traffic as lost packets are retransmitted. Jitter is most noticeable in VoIP, video streaming and gaming. The solution is a small buffer to allow steady data flow.
DHCP
Dynamic Host Configuration Protocol Port 67 (server) Port 68 (client) Configures IP address info -IP address -Subnet mask -DNS -Default gateway -Statically set IP = no DHCP
Dynamic
Dynamic routing has the capability of determining the best path between networks. This method also allows the router to detect and compensate for network issues like congestion by rerouting the communication. When new routers are discovered or added their routing tables are updated.
Change native VLAN
Each switch has a default interface configured to accept traffic not assigned to a specific VLAN. This is the default VLAN. Each trunk will have its own native (not default) VLAN, typically VLAN 1. Some management protocols are also configured to use VLAN 1, creating a mix of management data and other traffic on the link. In this case, move this native VLAN to another unused number. Now, the management protocols will use VLAN 1 while other untagged traffic will use the new native VLAN number.
ARP address
Each switch has an ARP (Address Resolution Protocol) table to store the IP addresses and MAC addresses of the network devices. The ARP table is used to determine the destination MAC addresses of the network nodes, as well as the VLANs and ports from where the nodes are reached.
EAP-TLS
EAP-TLS uses the public key infrastructure with TLS encryption. EAP-TLS is Certificate based.
Patch panel
Each Ethernet deployment needs a method to distribute the signal. Usually you will have a switch that will connect to a port on a patch panel. The patch panel is designed to enable you to distribute the traffic to workstations or other switches.
Log reviewing
Each time a device like a switch, router, firewall or the Webserver OS performs an action it records the activity in a log file. A good example is a honeypot log that reveals attacks and exploit attempts. That log file is viewable and stored in a central location using the syslog format. These files contain an enormous amount of information and require a lot of effort and concentration if they are being reviewed line by line. Fortunately, there is software available that allows you to view the information graphically. More on that later in SIEM. The important point here is that the logs be monitored and reviewed regularly.
Social engineering
Employees present a security risk since human nature can cause employees to divulge information to the attacker. This is referred to as social engineering and uses a perceived sense of trust in order to trick users into revealing confidential information. The attacker may be posing as an authorized employee asking to gain information about the network. For example, a "help desk" intruder may be able to get a password from a user with little to no effort. There are many types of social engineering and we will cover those described in the objectives.
Protocols
Establishes the rules and encoding specifications for sending data. examples of types: -identify each other -form data types -sending/receiving -error checking -compression -encryption
Crosstalk
Ethernet cables consist of eight wires wrapped into a single cable. With each cable capable of generating EMI. The wires are separated into pairs and twisted to prevent the wires to run in parallel and reduce interference or crosstalk. Crosstalk can be found at the cable ends where the wires run parallel into the connector. Interference that occurs at the transmitting end is called NEXT (near-end crosstalk) and at the receiving end, it is FEXT (far-end crosstalk).
Document findings, actions, and outcomes
Every completed trouble call should be logged and all contributing details should be documented. This allows your administrators to recognize and mitigate future issues of this type.
Rack diagrams
Every network connection from the wall jack to the IDF/MDF will be clearly labeled. Your routers, switches, and servers will be mounted in a rack in the IDF/MDF closet (room). The wiring and port location information for each connection will be labeled on the switch. The available space for this label is small and will usually be coded. The cables should be tagged with similar coded information containing the floor of the building, office or area where the destination jack is located. In addition to the coded tag, the cables may also be color-coded and barcoded based on their application.
FTPS
FTPS is an extension to the commonly used File Transfer Protocol that adds support for the Transport Layer Security and, formerly, the Secure Sockets Layer cryptographic protocols.
Fiber Cable
Fiber optic transmissions use pulses of lights for signaling which are then sent over plastic or glass strands. The glass medium (fiber) is susceptible to breakage and signal loss if it is bent over a certain radius which is dependent on the thickness of the fiber. Fiber optic cable should never be coiled tightly. The fiber core is protected using a plastic sheath wrapped in synthetic strength fibers, which give the cable resistance to breakage. A plastic outer sheath completes the wire. If there is any concern about moisture seeping into the cable, a synthetic gel is used to fill any gaps and protect the fiber core
Fibre Channel
Fibre Channel (FC) runs separately from Ethernet networks using a different architecture that maximizes data access and storage speed. This is accomplished by using fiber-optic connections and specialized Fiber Channel hardware including the Host-Bus Adapter (HBA) that connects to the Fibre Channel SAN. A conventional NIC is still used to connect to the LAN.
FCoE
Fibre Channel is a high-speed data transfer protocol providing in-order, lossless delivery of raw block data. Fibre Channel is primarily used to connect computer data storage to servers in storage area networks in commercial data centers.
FTP
File transfer protocol port 21 - establishes connection port 20 - to transfer data Set of rules that computers follow for the transferring of files from one system to another over the internet. Unencrypted. -Connect to your server -Browse all of the files on your server (even the hidden ones) -Upload files from your local computer to your server -Download files from your server to your local computer
EAP-FAST
Flexible Authentication via Secure Tunneling (EAP-FAST) is a protocol proposed by Cisco Systems as a replacement for previously proposed Lightweight Extensible Authentication Protocol (LEAP). EAP-FAST was designed to address the weaknesses of LEAP while preserving its "lightweight" implementation. EAP-FAST uses a pre-shared key called Protected Access Credential (PAC) to establish a TLS tunnel in which client credentials are verified.
VPN concentrator
For large organizations that maintain multiple simultaneous VPN connections, a device called a VPN concentrator is used as the VPN server. The VPN concentrator can assume the tasks of VPN client authentication, establishing VPN tunnels and managing the encryption used for VPN transmissions. VPN encryption will be IPsec and SSL
Copper
From the first telegraph line to today's high-speed networks, copper cabling has been fundamental. While it is being displaced in WANs you will still find copper in last mile implementations like coaxial Broadband, DSL and the T1-T3 local loop. Ethernet and wired phone systems will also be copper. Copper is a low cost, low maintenance installation
Identify the problem
Gather information - Your first step is to get as much information as possible about the issue. Find out the symptoms, question the users(s) about any changes they are aware of to determine if anything has changed. Duplicate the problem, if possible. Ask the user to do it if possible. You may notice an input error or another behavioral possibility. Approach multiple problems individually. Solve each problem one at a time and make only one system change at a time.
Smart jack
Often you will find that the demarc device is a smart jack capable of monitoring the connection for data errors and reporting them to the carrier. The smart jack can also be checked by the technician by monitoring the status and activity LEDs.
HTTPS
HTTP Secure Port 443 Uses encryption protocols to secure HTTP traffic. Most commonly Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
SDSL (Symmetric DSL)
Here the upload and download speeds are the same. Maxing out at roughly 2 Mbps in each direction.
High Availability
High availability (HA) is a term used to identify the uptime of a network. Availability is measured as an average percentage. Downtime is calculated and then rated. For example, a system that functions reliably nearly all the time may be rated as 99.999% which equates to about 5 minutes a year downtime or less than 30 seconds a month. Compare that to a network rated at 99% which will be down roughly 8 hours a month. The availability is you require relative to your business needs and budget. Your SLA with customers is an important consideration here. The more 9's your network supports the higher the equipment cost and technical support you will need. A four 9's network will be down 8 seconds a day or less than an hour per year on average. A five 9's network will average out to around .4 seconds a day. An essential element of availability is to eliminate a single point of failure. Redundant circuits prevent a switch or firewall failure from bringing the network down.
PPPoE
PPP over Ethernet (PPPoE) denotes the use of PPP on an Ethernet network.
Distributed switching
In the virtual environment distributed switching provides a centralized control point for VMs and virtual server clusters across multiple points. This simplifies network management and reduces errors. On each physical host, an agent is installed. A supervisor module on the distributed switch then controls the hosts.
HTTP
Hyper Text Transfer Protocol Port 80 Defines the way web pages are loaded and transmitted across the Internet.
ID Badges
ID Badges are used to identify employees. Depending on the access model, the ID badge can also provide electronic information to allow access to restricted areas. Badge readers are also placed strategically around locked areas in order to permit access to authorized parties.
IPAM
IP Address Management (IPAM) is software that can track, plan, and manage IP addressing on networks. It is widely available from vendors and third-parties. Microsoft's implementation automatically discovers IP address infrastructure and DNS servers on your network, enabling you to manage them from a central interface.
IPV6 benefits
IPv6 utilizes 128-bit Internet addresses. Therefore, it can support 2^128 Internet addresses—340,282,366,920,938,463,463,374,607,431,768,211,456 If an IPv6 address block contains all zeroes it can be truncated using double colons (::). The example address can be truncated to 2001:0db8:85a3::8a2e:0370:7334 -No more NAT (Network Address Translation) -Auto-configuration -No more private address collisions -Better multicast routing -Simpler header format -Simplified, more efficient routing -True quality of service (QoS), also called "flow labeling" -Built-in authentication and privacy support -Flexible options and extensions -Easier administration (no more DHCP)
IaaS
IaaS (Infrastructure as a Service) places the responsibility of application installation and management as well as backups and data management on the customer. Depending on the agreement, the customer may opt for hosted virtual desktops (HVD) from the vendor running on their hardware platform.
802.11b
Implemented as a standard in 1999. This standard provides 22 separate channels in the 2.4 GHz band. It can operate at speeds up to 11Mbps at a range of up to 50 meters.
EUI64
In IPv6 addressing the first 64 bits represent the network portion of the address. The remaining 64 bits can be randomly generated or they can be based on the device's MAC address. Since a MAC address is 48 bits more host bits are needed. The 48 bit MAC address uses EUI-64 (Extended Unique Identifier-64) to be converted to meet the 64-bit standard. This calls for an additional 16 bits to be added and the inversion of the seventh bit.
DHCP relay/IP helper
In a network of multiple LANs with different subnets, the DHCP relay agent can allow a single DHCP server to provide the necessary configurations. This is very useful with VLANs. The IP helper address provides support for the rebroadcasting or forwarding of UDP packets across a router. This is not limited to DHCP.
Star topology
In a star topology, all network devices are connected to a central device like a hub or switch. Consider the spokes of a wheel connecting to a hub. In networking, a hub acts at Layer 1 of the OSI model and the switch at Layer 2. In a star topology, switches are preferred because hubs generate frequent collisions.
Safety procedures and policies
In all properly run corporations, safety is a top priority in the workplace. We're not discussing paper cuts here but will look at some major factors you need to be aware of. The Occupational Safety and Health Administration (OSHA) oversees workplace safety from the federal level. They have established procedures for the use and disposal of hazardous material and other workplace guidelines. If your job includes a potential hazard you will be issued personal protective equipment (PPE). This can be a hard-hat, gloves and most importantly eye protection. There are other hazards in your space like cleaners, solvents and other potentially hazardous material. OSHA requires manufacturers to label products that are physically or environmentally hazardous. Be aware of your surroundings at all times. Look out for things like wires that could trip someone. Assess the situations you find yourself in. For example, if you are asked to move something heavy try to determine its weight and center of gravity. Keep the object close to your body and lift with your legs. When lifting, do not strain, get help.
MAC filtering
In computer networking, MAC Filtering refers to a security access control method whereby the MAC address assigned to each network card is used to determine access to the network.
Jumbo frame
In computer networking, jumbo frames are Ethernet frames with more than 1500 bytes of payload, the limit set by the IEEE 802.3 standard. Commonly, jumbo frames can carry up to 9000 bytes of payload, but smaller and larger variations exist and some care must be taken using the term.
ACL
In computer security, an access-control list (ACL) is a list of permissions associated with a system resource (object). An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects.
VNC
In computing, Virtual Network Computing is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical-screen updates back in the other direction, over a network.
iSCSI
In computing, iSCSI is an acronym for Internet Small Computer Systems Interface, an Internet Protocol-based storage networking standard for linking data storage facilities. It provides block-level access to storage devices by carrying SCSI commands over a TCP/IP network.
Load balancing
In computing, load balancing refers to the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient.
netstat
In computing, netstat is a command-line network utility that displays network connections for Transmission Control Protocol, routing tables, and a number of network interface and network protocol statistics.
route
In computing, route is a command used to view and manipulate the IP routing table in Unix-like and Microsoft Windows operating systems and also in IBM OS/2 and ReactOS. Manual manipulation of the routing table is characteristic of static routing.
SFTP
In computing, the SSH File Transfer Protocol is a network protocol that provides file access, file transfer, and file management over any reliable data stream. It was designed by the Internet Engineering Task Force as an extension of the Secure Shell protocol version 2.0 to provide secure file transfer capabilities.
T1/T3 - E1/E3
In contrast to the technologies listed so far only the T-carrier, E-carrier in Europe, technology provides a high speed dedicated logical circuit that is used exclusively by the customer. Developed in the 1970s the T-carrier system offered businesses dedicated always available connectivity. To use the service the customer leases the lines according to their bandwidth needs. The cost of the service varies and is dependent on the distance between the provider and the subscriber and the subscriber's line rate requirements. The T carrier system uses TDM (time-division multiplexing) to allow a single T1 circuit to carry 24 channels with a throughput of 64 Kbps each. A T3 circuit carries 28 channels at 64Kbps each.
Wireless controller
In large organizations, your wireless network will have multiple APs and some may even be in different buildings. The nature of wireless networking is that it is constantly changing APs are added and policies are modified. In order to be compliant with these changes, A Wireless controller is used. The wireless controller is capable of centralized management of all WAPs through a single interface. The wireless controller allows you to add access points, manage and configure all access points and monitor activity on each AP.
Disabling unused ports
In much the same way services are activated by default, IP ports are also opened by default. When discussing unwanted ports, virtualization must also be considered. Check the PC for unwanted active ports. Remember that all the virtual devices should be checked individually.
Site survey
In order to assess the coverage area and determine the best AP placement for your WLAN, a site survey should be performed. A handheld Wi-Fi analyzer can be used to perform a site survey. When performing a site survey, the ultimate goal is to achieve the strongest signal-to-noise ratio (S/N) which is measured in decibels (dB). he S/N is measured using a negative scale, meaning that a more positive number represents a stronger signal. For example, a -40 dB signal is significantly stronger than a -80 dB signal.
DNS Service
In order to effectively administer DNS in your organization, you need a working knowledge of how the namespace database is arranged. The namespace databases are stored in DNS zone files. These zone files store the data in a number of resource records. Each resource record is designed to hold precise types of data serving specific functions.
Standard operating procedures/work instructions
In order to function properly, every organization will have standard operating procedures and policy documentation governing all aspects of the operation. This documentation will vary from one organization to another in specifics, but will all cover the network configuration, special instructions and contact information of administrators and vendors. There will also be detailed floor plans indicating the physical locations of all hardware covering everything from devices like switches, routers and Telco closets (IDF/MDF) to the water and power cutoffs. This information will also include the manufacturer, device type and asset tracking information. Your instructions should be vetted by management to ensure that there are no negative events caused by your activity.
DHCP
In order to manage IP addressing and configuration on network clients, a DHCP (Dynamic Host Configuration Protocol) server is used. The DHCP server automatically provides all of the configuration information to clients while preventing address duplication.
TTL
In the DHCP environment, Time to Live (TTL) is a value (usually 20 minutes) assigned to the DHCPOFFER after which the offered address is returned to the pool.
Mesh Topology
In today's wired environment mesh networks are rare. The concept of redundant connections remains applicable to the wireless environment as you will see later. The wired mesh is configured so that each node will have a direct connection to every other node. For example if you have a network with four PCs, each would have three connection points with each connection linking to another network node, as the network grows the wiring itself becomes more challenging. Mesh networking reduces the "single point of failure" that a hub or switch would represent.
In-band/ Out-of-band management
In-band management requires that the program be installed on each device being configured. The devices being configured must be powered on limiting some of your options. Out-of-band management provides the capability of managing your network from an external connection. Your connection can be initiated with a dial-up connection or a cable modem. A console router on the server side can centralize the management of these devices.
Connectivity methods
Internet - This is a highly insecure option. While it is comparatively inexpensive and simple to use, there are unpredictable latency issues that could affect performance. Remote access - These connections offer increased security by creating secure tunnels but are still subject to the quality issues of the Internet. Leased line - This option reserves a predetermined bandwidth allocation between the customer and the cloud service provider, usually over a private WAN. Dedicated connection - This is the most expensive connection method. Here, it is possible to connect from the customer location directly to the cloud provider. Since the majority of cloud providers have strategically located points of presence (PoP), access qualities are assured.
ICMP
Internet Control Message Protocol It is used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address, for example, an error is indicated when a requested service is not available or that a host or router could not be reached.
IPSec
Internet Protocol Security (IPsec) is a way of making Internet communications more secure and private. IPsec is a collection of protocols for securing Internet Protocol (IP) communications by authenticating (and optionally encrypting) each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host.
IMAP
Internet message access protocol port 143 secure port 993 used by email clients to retrieve email messages from a mail server over a TCP/IP connection.
IP
Internet protocol Think of IP as something like the postal system. It allows you to address a package and drop it into the system, but there is no actual direct link between you and the recipient. Instead, there is a "web" of links interconnecting with each other. This is where IP and TCP come in. IP tells packets what their destination is and how to get there.
Inventory management
Inventory management encompasses all the company's assets. Inventory management software is used to keep track of the assets and their locations. From the demarc to the workstation each device (asset) should be recorded by the manufacturer, model number, date of acquisition and its location. This includes the CSU/ DSU, routers, switches, servers, and even cables. Many companies use asset tags with barcodes to identify the asset. RFID tags are prevalent in asset identification plans.
Demarcation point
It is important to know where the provider's responsibilities end and the customer's begins. This point is called the demarc (demarcation point). Today's demarks will be a NID (Network Interface Device) or NIU (Network Interface Unit) placed on the outside of your building or directly inside the premise. The provider is responsible for the delivery of the signal to the demarc and its operation while the customer is responsible for the signal distribution from that point. This is a good place to start troubleshooting network issues.
IPV4
It is the underlying technology that makes it possible for us to connect our devices to the web. Whenever a device accesses the Internet, it is assigned a unique, numerical IP address such as 99.48.227.227. To send data from one computer to another through the web, a data packet must be transferred across the network containing the IP addresses of both devices. IPv4 uses a 32-bit address for its Internet addresses. That means it can provide support for 2^32 IP addresses in total â around 4.29 billion.
Kerberos
Kerberos is the default authentication protocol for Active Directory. Key encryption is used for client verification and communication. Kerberos uses SSO (Single sign-on) authentication which allows a user to sign on once and conveniently access multiple resources, eliminating the need to sign into each resource individually. In AD, Kerberos is the default authentication protocol but is not the only one supported. LDAP (Lightweight Directory Access Protocol) serves as a common model for accessing the existing directory structure. AD and LDAP can run concurrently.
LDAPS
LDAP secure port 636 LDAP over TLS and LDAP over SSL, LDAPS allows for the encryption of LDAP data (which includes user credentials) in transit when a directory bind is being established, thereby protecting against credential theft.
IDF/MDF documentation
Labeling must be documented. The documentation enables technicians to quickly understand the cable purpose and the location it serves.
LDAP
Lightweight directory access protocol port 389 is an open and cross platform protocol used for directory services authentication.
LLDP
Link Layer Discovery Protocol (LLDP) is a layer 2 neighbor discovery protocol that allows devices to advertise device information to their directly connected peers/neighbors.
Link state
Link-state protocols allow routers to communicate with routers beyond the two hop limit of distance-vector protocols. OSPF (Open Shortest Path First) is a link-state routing protocol. The best path to a destination can be determined using a network map it creates from the other routers. Link-state protocols adapt quickly to network changes. OSPF was developed to improve RIP. OSPF is stable, converges quickly, and supports large networks. cost based (distance, speed, bandwidth, mtu)
Local authentication
Local authentication describes an AAA model where all processes are performed on the local device.
Logical vs. physical diagrams
Logical network diagrams focus in on how traffic flows across the network, IP addresses, admin domains, how domains are routed, control points, and so on. A physical network diagram will, ideally, show the network topology exactly as it is: with all of the devices and the connections between them.
Subnet
Logical segment of an IP network.
MTBF
MTBF (Mean Time Between Failure) Is the predicted operational life of a device before it fails. This is based on manufacturer testing. This metric is quite useful as equipment nears the end of its life expectancy, you can plan replacements or upgrades.
MTU
Maximum Transmission Unit a measurement representing the largest data packet that a network-connected device will accept. Imagine it as being like a height limit for freeway underpasses or tunnels: Cars and trucks that exceed the height limit cannot fit through, just as packets that exceed the MTU of a network cannot pass through that network. typical size = 1500 bytes
MTTR
MTTR (Mean Time To Repair) As the name implies this is the average time it will take to repair an outage condition. Your ISP will define these times in your SLA.
Modem
Modems perform the function of translating a signal from different formats. We call this process modulation when we are transmitting and demodulation when receiving the signals MODEM for short The most recognizable example is the Phone modem that takes the audio analog signal sent across a connection using the Plain Old Telephone Service (POTS) connection and converts (demodulates) it to a digital signal for the PC. The PCs digital response is then modulated to analog for transmission. It is quite common to see cable modems in many networks. The cable modem converts the digital signal from the provider and converts it to Ethernet or wireless signals making it more of a bridge than a modem.
Unidirectional/ omnidirectional
Most antennas used in home and office Wi-Fi are omnidirectional antennas. These antennas send and receive data in 360 degrees as and a result, the signal is available in the full circle. Unidirectional antennas transmit only in one general direction (point-to-point), allowing the full power of the transmission to be focused on a particular area.
Upgrading firmware
Most network devices have a link to update the firmware. Update your firmware as soon as possible and follow the instructions for your device and model.
Bandwidth speed tester
Most of us are familiar with the service providers bandwidth statements. ISPs host online speed test sites to enable you to check your actual performance online. The tests are also available as apps. You can configure the app to test your company's LAN or WAN. You'll see that the upload and download speeds vary over the course of a day. You can schedule the tests to run automatically and analyze the usage.
Motion detection
Motion detection is used to monitor for physical activity, often triggering an alarm or alerting security personnel. The sensitivity of the detector is calibrated in order to prevent false alarms. These detectors can trigger event monitoring, recording the date and time of the activity along with turning on the lights and enabling video recording.
Multifactor authentication
Multifactor authentication provides greater security by requiring multiple authorization components from two of the five factors presented below. Here is how CompTIA defines them: Something you know - This is a password or PIN. Something you have - This can be a smart card, smartphone, or a digital key fob. Something you are - Stored physical data is used for authentication. The geometry of your face, your fingerprint, and your iris all represent something you are. Somewhere you are - This method requires your location to match the stored data. Something you do - This represents the individual aspects of the way you enter data. Speech recognition allows your speech pattern to be compared with the sample. Even the speed at which you type can be used.
MPLS
Multiprotocol Label Switching is a routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses, thus avoiding complex lookups in a routing table and speeding traffic flows.
NAC
NAC (Network access control) uses network policies in order to control and set the appropriate type and level of access for each device. Access control lists are an example of access control policy.
NS
NS stands for 'nameserver,' and the nameserver record indicates which DNS server is authoritative for that domain (i.e. which server contains the actual DNS records). Basically, NS records tell the Internet where to go to find out a domain's IP address. A domain often has multiple NS records which can indicate primary and backup nameservers for that domain. Without properly configured NS records, users will be unable to load a website or application
NAT
Network Address Translation (NAT) was designed to reduce the need for public IP addresses required by a network. A gateway provides separation between a private network and the public network by assigning private IP addresses to its network. Only one Public IP address is used and the private network is invisible to outsiders. The private devices use the gateway to communicate with the Internet or other networks. The gateway translates the private address to the gateways public address. This is great for outbound sessions but presents a problem with inbound sessions since they are returned to the public address and do not contain the NAT information.
NAS
Network Attached Storage (NAS) is storage that is attached directly to the network. This allows for easily accessible file storage. NAS uses file-level storage meaning that any changes to a file result in a new file being created. NAS devices appear to the network as a single device but can contain multiple drives.
NTP
Network Time Protocol port 123 for clock synchronization between computer systems over packet-switched, variable-latency data networks.
Network Baselining
Network baselining is the act of measuring and rating the performance of a network in real-time situations. Providing a network baseline requires testing and reporting of the physical connectivity, normal network utilization, protocol usage, peak network utilization, and average throughput of the network usage.
Network segmentation
Network segmentation is used to improve network performance and enhance security. One common implementation of network segmentation is the DMZ, a place where an externally available host on the network between the Internet and the firewall is placed. This host will be available to external users and the firewall will block unwanted traffic onto the network, allowing the internal network to operate normally. The DMZ can also contain an intentionally vulnerable honeypot or honeynet intended to attract hackers and capture their intrusion methods.
nmap
Nmap is a computer program that is used for port scanning (finding out all the ways a computer communicates with other computers on a network). It was written by Gordon Lyon. It can also do other kinds of scanning. This is because Nmap is open source, so many people can help write it to make it better. Nmap works on most operating systems. It works on Linux, Microsoft Windows, Mac OS X, Solaris, and BSD. Most people use it on Linux, but many people use it on Windows.
NIC teaming / Port aggregation
On the devices NIC teaming allows you to configure two or more NICs in a Windows device and have it appear as a single logical interface. On Cisco devices, this method is called port aggregation. Whatever you call it performance is increased as this practice provides higher throughput, failover protection, and practical load balancing.
Test the theory to determine the cause
Once the theory is confirmed, determine the next steps to resolve the problem. Whenever possible use a test workstation to plan and implement your repair. If the theory is not confirmed, re-establish a new theory or escalate the issue to get some help.
Open and shared
Open and shared authentication are two authentications in WEP. The main difference between WEP Open and WEP Shared is that WEP Open automatically authenticates any client without considering whether he has the correct WEP keys while WEP shared performs the actual authentication process.
Port scanning
Open network ports on a system are examined by port scanning. You can scan for devices and open ports from the command line using the Nmap utility. Nmap can provide the information about the operating systems and services running on hosts. Third-party utilities provide more features and use a GUI. zenmap is a free and open source GUI for nmap.
Media converter
Operating at OSI Layer 1 a media converter enables you to take advantage of the optimal network media to meet your needs. For example, if you need a connection that exceeds the 100m Ethernet limitation you can switch from copper to fiberoptic media on one end and then back to copper using another media converter if necessary.
HTTPS/management URL
Our network devices once required individual command line configuration. Today's devices often provide access to all settings through an SSL secured management URL.
Vulnerability scanning
Our networks are continuously under attack. Vulnerability scans are used to detect potential network weaknesses without taking any action. Your network can be tested for vulnerabilities by your internal IT staff. You can also use an outside party to perform vulnerability tests. To attempt to exploit any vulnerabilities discovered, the penetration testing process uses the available tools and utilities to simulate an attack, attempt an exploit. and determine the scope of the vulnerability. Consider vulnerability scans as a non-invasive action versus the invasive nature of a penetration test scan. Remember that there are constant exploit attempts and more importantly the hackers are using the same tools against you. The topics that follow describe some of the methods of detection and defense.
PEAP
PEAP is a Protected Extensible Authentication Protocol (PEAP), also known as Protected EAP, is an authentication protocol that encapsulates EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel. It was developed and published to correct deficiencies in EAP (EAP assumed a protected communication channel, so facilities for protection of the EAP conversation were not originally provided). PEAP was jointly developed by Cisco Systems, Microsoft, and RSA Security.
PaaS
PaaS (Platform as a Service) places the responsibility of application installation, backups, and data management on the customer. The vendor provides the hardware, operating system, and related support software. Amazon Web Services, Google Cloud Platform, and Microsoft Azure are examples of this service level. This level is beneficial to developers who can test their work virtually.
Packet-switched networks
Packet-switched networking is by far more efficient and adaptable to IP networks. IP protocols break the data into packets before transmission. Since each packet contains the necessary addressing information and sequencing, each packet is free to take the fastest route to its destination. The packets can arrive at the destination in any order. The destination node will use the control information in each packet to reconstruct the transmission. This method uses considerably fewer network resources than the circuit switched alternative.
Brute force
Passwords are the bane of computing today. Users and hackers prefer short and simple passwords. Administrators prefer long and complex passwords in order to avoid security issues. Please follow the advice of administrators. Use a mix of numbers, upper and lower case letters, and symbols. Ensure the password is at least eight characters long. Having said that, a complex password is not immune to brute force hacking. A complex password is just harder to crack
Patch management
Patch management is the technique of planning, testing, and installing patches to a computer or computer system to keep it up to date, as well as determining which patches should be applied at particular times to which systems.
Patching and updates
Patching and updates are usually handled by the software or hardware running on the device. For example, a recent webserver attack was recognized and the administrator was notified of the required patch. The patch was either not installed or it was not configured properly. The end result was the exposure of user credentials. This attack was against Equifax where the user credentials of over 150 million users were exposed.
On-boarding/off-boarding procedures
Permitting wireless network access for a device is called on-boarding and the removal of a device is called off-boarding. Today's office environments contain a mix of company assets and personal devices to perform work. Care must be exercised when permitting devices to access the network. Here mobile device management (MDM) software will allow greater control over this process.
Ping
Ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol network. It is available for virtually all operating systems that have networking capability, including most embedded network administration software.
Establish a plan of action to resolve the problem and identify potential effects
Planning your repairs is as important as the actual repair. Whenever possible use a test workstation to plan and implement your repair. This will allow you to identify any unforeseen negative consequences to your actions.
Port forwarding
Port Forwarding redirects traffic to a port other than its default. For example, FTP uses insecure port 21. With port forwarding you can use a different, possibly secure, port to disguise the traffic. This is a feature of NAT and needs to be configured on the gateway. An external host must know the address and port number to communicate.
Port security
Port security is the practice of securing ports against unauthorized access using software or hardware. MAC address filtering is used to block unauthorized traffic based on the source MAC address and an updateable address table. The switch-port can be easily disabled.
POP
Post office protocol port 110 secure port 995 responsible for the management of messages on the server (saving them or deleting). Deleting the message after delivery is the default mode. Leaving messages on the server is useful if you use multiple devices for messaging.
802.3af
Power over ethernet describes any of several standards or ad hoc systems that pass electric power along with data on twisted pair Ethernet cabling this allows a single cable to provide both data connection and electric power to devices such as Wireless Access Points (WAPs), Internet Protocol (IP) cameras, and Voice over Internet Protocol (VoIP) phones. 15.4 watts
802.3at
Power over ethernet + 25.5 watts
Private vs public IP address
Private IP address of a system is the IP address which is used to communicate within the same network. Using private IP data or information can be sent or received within the same network. Public IP address of a system is the IP address which is used to communicate outside the network. Public IP address is basically assigned by the ISP (Internet Service Provider).
PDU
Protocol data unit A single unit of information transmitted among peer entities of a computer network. A PDU is composed of protocol-specific control information and user data.
QoS
Quality of Service (QoS) is a group of techniques that ensure that voice and video communications are handled in a time-sensitive manner. This will avoid jittery VoIP or choppy video streams. Prioritized traffic is given all of the network bandwidth it needs. We'll look at two of the standard techniques used for QoS next.
Establish a theory of probable cause
Question the obvious. Is the NIC plugged in and working? Check for network access. Consider multiple approaches. There are many ways to skin a cat. This is especially true here. Top-to-bottom/bottom-to-top OSI model. Decide whether the problem seems to be related to an application or a physical device. Now use the OSI model to Divide and conquer your problem. Does it appear to be hardware or software? If it looks like software, you will troubleshoot from the Application layer at the top of the model. A hardware problem would be addressed from the Physical layer upwards through the OSI model.
RADIUS
RADIUS (Remote Authentication Dial-In User Service) is the most popular service that centralizes resource management and conforms to AAA functions. RADIUS is an open source standard that can run on a dedicated device, called a RADIUS server, or it can run as software on a server which provides other network services. With regards to security, RADIUS only encrypts passwords making it less secure than TACACS+.
Ransomware
Ransomware is malware that locks the user's computer and encrypts the data on all connected drives, including online storage. The user receives a locked screen with instructions detailing the ransom demand and payment information. There may be a deadline for payment or a threat to delete data if the ransom is not paid. Computers infected with ransomware are not generally recoverable until the ransom is paid. Even then, you may not regain access. Ransomware is a multimillion-dollar operation.
802.11n
Ratified by the IEEE in 2009, 802.11n provided 600 Mbps throughput over greater distances. This higher speed allowed voice and video communications to be supported. 802.11n is backward compatible with 802.11g, 802.11b, and 802.11a.
802.11a
Released after 802.11b, 802.11a has greater theoretical throughput and a greater coverage area. Since the commercial development of 802.11b had already begun, 802.11b became the commercial winner despite 802.11a's doubled coverage area and capabilities in the uncrowded 5 GHz band. 802.11a and 802.11b are incompatible.
RDP
Remote Desktop Protocol port 3389 proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection
Rogue access point
Rogue access points are set up using the same SSID as valid access points. A rogue access point is also known as an evil twin. Once a user accesses the rogue access point, their data in transit can be hijacked or even access to the user data is possible.
IPV6 router advertisement
Router advertisement is used as part of IPv6 autoconfiguration. An IPv6 host can auto-configure its own address. In this process, the host uses a standard prefix with its interface ID based on the host MAC address. The host requests configuration information from the router in a message called a router solicitation (RS). The router responds with a router advertisement (RA) containing the necessary configuration information.
SFTP
SSH file transfer protocol Port 22 Implements file transfer between computers over SSH
Fiber connector types
ST- The ST (Straight Tip) connector is one of the longstanding connector types. You will see this in the field and should be able to recognize it on sight. SC- The SC (Subscriber Connector) has also been in use for some time and is a very reliable stable snap-in connector that offers low signal loss along with ease of use. You may sometimes see this connector called a standard connector or a square connector because of its shape. The ST and SC connectors have a larger form factor than the Mechanical Transfer Registered Jack (MT-RJ) and LC. LC- The LC connector is a newer design relative to the others. You may see it called a Local Connector, Lucent connector or even Little Connector. Its main advantage is its size. The connector is about half the size of the SC connector but otherwise completely comparable.
SaaS
SaaS (Software as a Service) is the most accessible and complete solution since it requires only an Internet browser interface. Applications, data management, and storage are provided by the vendor. Google and Microsoft both offer SaaS virtualized apps, such as Google Docs and Microsoft Office 365. This solution allows access to applications and services without any installation. Users can work from anywhere and on any device with a browser.
Plenum vs pvc
Safety is your number one concern when running network cabling. This concerns not only the usual such as dangling cables or running too close to power lines, but also the materials you are using. The construction of the network cable you are running is something you may not consider, but when examining cables you will find that the outer sheath generally consists of one or two types of material, PVC (PolyVinylChloride) or Plenum grade. Incorrect usage of these two types could result in you having to rewire your entire installation. PVC is cheaper and is perfectly suitable for patch cables and exposed wiring, but once you run inside a dropped ceiling or any location that moves air, plenum grade cabling is required by most states. PVC releases toxic fumes when ignited and it is easily combustible. Plenum cable is less flammable than PVC and mandatory wherever ventilation is present. Plenum cable will be clearly marked.
SSH
Secure Shell Port 22 Establishes secure communication channel between devices
SSH
Secure Shell (SSH) is an Internet communication protocol used mostly to allow users to log into other computers and run commands. It lets people exchange data using a secure channel between two computers.
Using secure protocols
Secure protocols protect data transfers on protected systems. Earlier, we mentioned the SHA protocol. Now, we will address some of the data transfer protocol combinations. SSH (Secure Shell) keys can be generated in order to protect data or devices. SSH keys can be generated and combined with an insecure protocol such as HTTP, creating a strong HTTPS connection. Similarly, SSH and FTP are used together for SFTP.
SIP
Session Initiation Protocol Port 5060, 5061 supports VoIP and multimedia. relies on other protocols such as H.323 to ensure real-time delivery.
SMB
Sever Message Block port 445 Server Message Block (SMB) is a file and print sharing protocol that allows applications on a computer to read and write to files and to request services from servers in a computer network. When using the SMB protocol, an application (or the user of an application) can access folders, files, printers and other resources at a remote server. SMB uses TCP port 445 by default.
MAC reservations
Since dynamic addressing does not work reliably for hosts that must be consistently available, such as a network printer, you can create a MAC reservation on your DHCP server to assign the same IP address to that particular device.
Fiber
Since fiber-optic cabling transmits light it offers very high-speed connections that can travel long distances. Fiber offers very high data rates and is the backbone of SONET. Fiber-optic cabling is quickly challenging some of the traditional copper connections. You will see fiber to copper deployments. Some service providers are even offering fiber to premise installations that will bring the full features right to your home or office.
Penetration testing
Since network security is the primary concern, it is important to know the network's weaknesses. Hacker tools are available to anyone and it's a good idea to examine the network regularly. First, simulate an attack on yourself. A port scanner is a good start. Next, a vulnerability assessment will look for weaknesses and report them. The vulnerability assessment does not exploit any weaknesses found. Penetration testing works the same as a vulnerability assessment, however, the test then attempts to exploit the discovered weaknesses. Penetration testing can be performed in-house or by an outside consultant.
Single-Mode to Multimode Fiber
Single-Mode Fiber (SMF) cable provides the highest bandwidth and longest distances compared to multimode fiber (MMF). SMF uses a very small core and a laser as the light source making it best suited for longer distance backbone connections because of its low signal loss. SMF is less tolerant to bending. It is also more expensive than MMF. A LED can be used as the light source with MMF. MMF has a considerably larger core supporting multiple signal paths. MMF is generally used for shorter distances (>2km) since the larger core supports multiple signal paths and attenuation. MMF is less expensive than SMF.
Smart cards
Smart cards are electronic access badges that are used to unlock doors to authorized areas. These badges often contain a photograph of the user.
Sonet numbers
Sonet - line rate OC-3 - 155.52Mbps OC-12 - 622.08Mbps OC-48 - 2.49Gbps OC-192 - 9.95Gbps
STP
Spanning tree protocol a network protocol that builds a loop-free logical topology for Ethernet networks. -prevents loops -turns certain links to "blocking" -most direct path may not be used -when devices go offline others remove block
Wireless ad-hoc network
Special purpose ad-hoc wireless mesh networks can be configured to enable communication between nodes without routers and gateways. The nodes must be in close proximity to each other. This configuration is best used where there are few connections to static devices.
Spectrum Analyzers
Spectrum Analyzers can be used to optimize the performance of your network. They range from the simplest "How many bars are you getting?" to multicolor spectrum analysis of the wireless environment. Suffice to say that this tool is a useful diagnostic. Keep in mind that wireless signals are measured in dBm and is always expressed as a negative value, making -25 dBm a stronger signal than -90 dBm. Use these devices to avoid channel overlap.
Spoofing
Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.
TKIP vs AES
TKIP and AES are two different types of encryption that can be used by a Wi-Fi network. TKIP is actually an older encryption protocol introduced with WPA to replace the very-insecure WEP encryption at the time. AES is a more secure encryption protocol introduced with WPA2.
TACACS+
TACACS+ (Terminal Access Controller Access Control System Plus) is a proprietary AAA protocol designed by Cisco in order to run on routers or switches. TACACS+ encrypts all transmissions and provides separation in the protocols used for AAA. Its design allows protocols such as Kerberos to be used for authentication while TACACS+ provides the authorization and accounting service.
Tamper detection
Tamper detection is the ability of a device to sense that an active attempt to compromise the device integrity or the data associated with the device is in progress; the detection of the threat may enable the device to initiate appropriate defensive actions.
5GHz
The 5 GHz frequency band is another unregulated band which is seeing a lot of use in the wireless networking environment. The 5 GHz band is considerably less congested than the 2.4 GHz band. Initially used by 802.11a, later standards also took advantage of this range. 802.11n offers backward compatibility, most notably with 802.11a at 5 GHz at 54 Mbps and 802.11b/g at 2.4 GHz. 802.11ac is currently the best use of the 5 GHz band, offering gigabit speed rivaling Ethernet.
Channel bonding
The 802.11n technology uses channel bonding to increase bandwidth by combining the two adjacent 20 MHz channels into one 40 MHz channel. While this technique is useful in the 802.11n 2.4 GHz band with 11 channels, its real potential lies in the 802.11ac 5.0 GHz band. In the 802.11ac 5.0 GHz band, channel bonding is utilized as follows: one channel at 20 MHZ, two channels at 40 MHZ, four channels at 80 MHz, and all eight channels at 160 MHz.
Ant+
The ANT+ protocol is an ad-hoc protocol that is used for heart rate monitors, GPS and activity tracking and other devices. The information obtained is transmitted to a PC, smartphone or smartwatch.
Hot site
The fastest recovery method is the hot site. This site has all of the hardware and connectivity is up to date and ready to be deployed. There is minimal downtime. Your servers can be configured to mirror data to these sites. This is the most expensive option.
CSU/DSU
The CSU (channel service unit) is usually a stand-alone device that is placed between the NID and the first internal router. It serves as a digital signal termination point and uses error correction and line monitoring to ensure data integrity. The DSU (data service unit), built-in with the CSU, converts the incoming frames from the T-carrier into Ethernet frames for the network. The process is reversed for transmissions. The evolution of these devices has made the CSU/DSU available as an add-on card in a router lowering cost and maintenance concerns.
CNAME
The Canonical Name (CNAME) record contains the alias for a host's CNAME. This allows a hostname alias like myorganization to be recognized by its canonical name www.myorganization.com.
Incorrect cable type
The Ethernet cabling used to connect to the network are all rated according to the specification they support. It is important to look at the cable sheath for the specification it supports. A Cat5 cable on a Cat 6 network will not perform as expected.
EAP
The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands on authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication. Here's how it works: in communications using EAP, a user requests connection to a wireless network through an access point (a station that transmits and receives data, sometimes known as a transceiver). The access point requests identification (ID) data from the user and transmits that data to an authentication server. The authentication server asks the access point for proof of the validity of the ID. After the access point obtains that verification from the user and sends it back to the authentication server, the user is connected to the network as requested.
GSM
The Global System for Mobile Communications (GSM) is one of two competing technologies used for cellular communications. GSM uses TDMA (Time Division Multiple Access) to separate data into timeslots, allowing multiple users access to the same channel. GSM requires a SIM (Subscriber Identity Module) card that contains the user's carrier and subscription information. The SIM card can also store your contacts making them portable when you upgrade devices. Since GSM is globally adopted, you can communicate while abroad by simply purchasing a new SIM card for the country you are in (as well as checking with your carrier to avoid getting nailed with roaming charges). GSM phones can be "unlocked" from their network carrier by simply switching their SIM card.
Hypervisor
The Hypervisor or Virtual Machine Manager (VMM) is the software component that contains and controls all the virtual machines and devices on a host. When installing a hypervisor be sure that your processor supports hardware virtualization. Intel-based processors use VTT and AMD uses AMD-V. Be sure these are available and running in UEFI/BIOS. Remember that all storage and memory allocated to your devices will impact the host machine performance.
IR
The IoT has rejuvenated IR (Infrared) technology. Once used mainly in remote control devices to transmit signals IR is now applicable to other devices, like sensors, by interpreting the responses to IR. The Infrared wavelength is not visible to the naked eye. It is below our visible spectrum. The transmission is picked up by a sensor on the receiving device and converted to electrical current. An IR transmission cannot pass through solid objects. The signal can bounce or be scattered to its objective, but it is safer to provide an unobstructed line of sight.
MX
The MX (Mail Exchanger) record supports email traffic by identifying email servers.
Multimeter
The Multimeter is specially designed to tell one about the voltage that is in the cable. Also, it gives the information about the resistance and the current that passes through the wire
IPV6 neighbor discovery
The Neighbor Discovery Protocol (NDP) is part of the IPv6 protocol suite. It serves as a replacement for IPv4 for ARP and ICMP and others. NDP uses five message types: 1. Router Solicitation-The Router Solicitation message is sent by IPv6 hosts to discover the presence of IPv6 routers on the link. 2.Router Advertisement - The Router Advertisement message contains the information required by hosts to determine whether or not to use address autoconfiguration, the link prefixes, MTU, specified routes. 3. Neighbor Solicitation - IPv6 nodes send the Neighbor Solicitation message to discover the link-layer address of an IPv6 node on-link. 4. Neighbor Advertisement - The Neighbor Advertisement contains the information required by nodes to determine the sender's role on the network, and typically the link-layer address of the sender. 5. Redirect - An IPv6 router will send a Redirect message to inform a host of a better first hop address for a specific destination.
NTP
The Network Time Protocol (NTP) is one of the oldest protocols and is used to synchronize the time on packet switched networks. Time synchronization is crucial to systems and processes that update data. A program may ignore your data update if the update is older than its latest saved data.
NDA
The Non-Disclosure Agreement (NDA) is a critical document to protect the company as a whole. It describes how data classifications like private and confidential are to be treated. As you advance in your career you will be exposed to more important information. A casual cup of coffee with a stranger is an opportunity for them to gain strategic information. Your NDA will address any breach and the penalties associated.
PPP
The Point-to-Point Protocol (PPP) directly connects two endpoints on a WAN. PPP uses headers and trailers to encapsulate packets into frames using 8 to 10 bytes of additional data. Along with establishing the connection, PPP supports authentication using protocols like EAP or MS-CHAPv2.
OC-3 - OC-192
The SONET (Synchronous Optical Network) signaling technique uses fiber-optic cabling to provide fault tolerant high-bandwidth WAN connections. SONET uses multiplexing to combine multiple T1 lines. SONET became internationally deployable when the SDH (Synchronous Digital Hierarchy) was implemented. The synchronous data transmission depends on all devices conforming to the timing scheme maintained by a clock that can be checked by individual nodes. When measuring the data rates the OC (Optical Carrier) method is used.
SRV
The SRV (Service) record contains hostname and port details for hosts providing specific services. The SRV record is used for email and FTP among others. For example, H.323 and SIP both require SRV records.
Switch port protection
The STP (Spanning Tree Protocol) prevents traffic loops on switched networks by discovering the best path for the traffic and briefly blocking any redundant paths. The switches communicate STP data using BPDUs (Bridge Port Protocol Data Units). The integrity of the STP data requires some additional safeguards. BPDU guards prevent servers and host devices from being considered as valid paths by the switch. Root guards prevent any switches, beyond the port perimeter, from becoming the root bridge. DHCP snooping is operating system security technology, built into switches, that allows the switch to drop unacceptable traffic. This can occur when a rogue DHCP server offers addresses on the network. The switch will only accept packets from trusted DHCP servers.
VoIP endpoint
The VoIP endpoint is the device that receives VoIP traffic intended for it. The devices here cover a wide range and include IoT devices. Here we will define PCs with VoIP capabilities and mobile devices like cell phones and enabled tablets. The most common implementation is VoIP telephones.
WPA2
The WPA2 certification was introduced in 2004 and replaced the RC4 encryption algorithm with AES (Advanced Encryption Standard) for faster and more secure transmissions. CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is used to replace the now deprecated TKIP. CCMP supports data confidentiality, authentication, and access control. A Pre-Shared Key (PSK) can be created with WPA2-personal in a home or small office.
International export controls
The Windows operating system is one of the largest examples of the international export of software. In Windows 10, versions were created for use in Europe (N) and Korea (KN). These versions contain all of the basic features of the operating system without the Windows Media Player, Music, and Skype.
Application layer
The application layer of the OSI model essentially provides networking options to programs running on a computer. It works almost exclusively with applications, providing an interface for them to use in order to transmit data. When data is given to the application layer, it is passed down into the presentation layer.
Wireless
The best example of a wireless WAN is the cellular network. Today's smart devices can access the internet, make calls and send data almost seamlessly. This is important to business travelers and field technicians who may not have alternative options. We say almost seamlessly because your connection quality is relative to your distance from the cell tower. Most cell tower coverage areas overlap and hand the signal off from one tower to another when you are in motion.
pathping
The pathping command is a command-line network utility supplied in Windows 2000 and beyond that combines the functionality of ping with that of tracert. It is used to locate spots that have network latency and network loss.
Bus Topology
The bus topology uses a single cable to connect all network nodes. This cable has only two endpoints and must remain intact. Signals can travel in either direction on the bus. So a signal can be transmitted both directions from a node. The signal will travel the length of the bus until the destination node is reached. If a signal is allowed to continue to the end of the cable it will bounce back, creating interference and unwanted noise on the line. This signal bounce is mitigated by using terminators at both ends of the cable. This topology is economical to implement but hard to manage since the bus itself represents a (large) single point of failure. You may find the bus topology as a backbone for routers and switches. A good example would be a network that covers five floors of a building. Here each floor would be a star topology with a router serving each floor. The routers would use a simple bus cable to connect to each other.
Data link
The data link layer focuses on the physical addressing of the transmission. It receives a packet from the network layer (that includes the IP address for the remote computer) and adds in the physical (MAC) address of the receiving endpoint. Inside every network enabled computer is a Network Interface Card (NIC) which comes with a unique MAC (Media Access Control) address to identify it. MAC addresses are set by the manufacturer and literally burnt into the card; they can't be changed -- although they can be spoofed. When information is sent across a network, it's actually the physical address that is used to identify where exactly to send the information. Additionally, it's also the job of the data link layer to present the data in a format suitable for transmission. The data link layer also serves an important function when it receives data, as it checks the received information to make sure that it hasn't been corrupted during transmission, which could well happen when the data is transmitted by layer 1: the physical layer.
Default gateway
The default gateway is the address of the router that should be used when packets must be sent outside of the local network.
dig
The dig command, allows you to query information about various DNS records, including host addresses, mail exchanges, and name servers. It is the most commonly used tool among system administrators for troubleshooting DNS problems because of its flexibility and ease of use.
Error rate
The error rate is a metric that counts the packets that require retransmission. It is expressed as a percentage.
Subnet mask
The goal of subnet masks are simply to enable the subnetting process. A subnet mask is a 32-bit number created by setting host bits to all 0s and setting network bits to all 1s. In this way, the subnet mask separates the IP address into the network and host addresses.
Logical topology
The logical topology refers to the non-hardware aspects of the network. This includes the operating systems and protocols used to communicate on a network. The logical topology covers how the nodes on a network use applications and share data.
loopback address
The loopback address is a computing term that is a special IP address of a computer's ethernet network. It is used to allow software on a computer to send information to the same computer using the TCP/IP stack. The special IP address is known as 127.0.0.1 (IPv4) or 0:0:0:0:0:0:0:1 (::1, IPv6)
Network
The network layer is responsible for locating the destination of your request. For example, the Internet is a huge network; when you want to request information from a webpage, it's the network layer that takes the IP address for the page and figures out the best route to take. At this stage we're working with what is referred to as Logical addressing (i.e. IP addresses) which are still software controlled. Logical addresses are used to provide order to networks, categorizing them and allowing us to properly sort them. Currently the most common form of logical addressing is the IPV4 format, which you'll likely already be familiar with (i.e. 192.168.1.1 is a common address for a home router).
Physical
The physical layer is right down to the hardware of the computer. This is where the electrical pulses that make up data transfer over a network are sent and received. It's the job of the physical layer to convert the binary data of the transmission into signals and transmit them across the network, as well as receiving incoming signals and converting them back into binary data.
Physical topology
The physical topology refers to the hardware used to create the network. Hubs, switches, and routers along with the cables and connectors used, define the physical aspect of networks.
Presentation
The presentation layer receives data from the application layer. This data tends to be in a format that the application understands, but it's not necessarily in a standardized format that could be understood by the application layer in the receiving computer. The presentation layer translates the data into a standardized format, as well as handling any encryption, compression or other transformations to the data. With this complete, the data is passed down to the session layer.
Tagged vs untagged port
The purpose of a tagged or "trunked" port is to pass traffic for multiple VLAN's, whereas an untagged or "access" port accepts traffic for only a single VLAN.
Cold Site
This site will contain all of the hardware and software necessary to restore operations. The devices are not configured or connected. You have the task of installing the OS(s) on the server(s) and configuring it. This is true for all routers and switches necessary, representing a considerable amount of time and effort. It is the least expensive option and takes the longest time to recover.
802.11ac
This standard provides well over 6 Gbps on the 5 GHz band. 802.11ac access points can handle multiple data streams on the same frequency. 802.11ac devices are often dual-band, meaning they can operate on the 2.4 GHz or 5GHz bands eliminating any compatibility issues with legacy equipment.
System life cycle
The system development lifecycle is a continuous process that consists of several distinct and clearly defined phases. The process is a plan that enables engineers and developers to manage a system from its inception through its useful life until its ultimate disposal. - Initiation = The process begins when a need is identified. Even better to capitalize on an opportunity. Here you will create a proposal. - System = concept development Now the fun begins. Your documentation should address the scope of concept., a cost-benefit analysis, feasibility study and a good risk management plan. - Requirement analysis = This phase covers user requirements and a functional requirements document. - Design = Here the detailed requirements are used to create a detailed design document that delivers the desired functionality. - Development = Here is where you use the information gathered to create a complete system. You will test the new system arduously creating databases, compiling programs and testing all aspects of functionality. - Integration = and test In this phase you demonstrate the system performance and adherence to requirements. - Implementation = Here you prepare the system for introduction to the production environment and resolve any issues. - Operation and maintenance = Here you describe the tasks necessary to keep the system running optimally. - Disposition = This phase describes the actions to be taken when a system is retired. Primarily data preservation is a key aspect here. - Asset disposal = All company assets should be tagged and logged for tracking. When a system is retired it is vital to remove and safely destroy any objects that can store data. Your local municipality can advise you in this area.
Exploits vs. vulnerabilities
The terminology we use is important to understand. Here any weakness in a system that could be compromised is called a vulnerability. Not all vulnerabilities are attacked. When vulnerabilities are used to gain access or information, this is called an exploit
File hashing
The terms hashing and encryption are often misused. Hashing a file transforms the data into a different type. The hashed data cannot be recovered. Hashing is used to protect password files. The more complex the hashing algorithm, the more difficult it is to crack the file. The most common file hashing method uses a variant of the SHA (Secure Hashing Algorithm). File encryption is coupled with hashing in order to further harden the files and the data.
Latency
The time it takes for a signal to travel from its source to the destination is called latency. The latency is measured in milliseconds (ms).
Transport
The transport layer is a very interesting layer that serves numerous important functions. Its first purpose is to choose the protocol over which the data is to be transmitted. The two most common protocols in the transport layer are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol); with TCP the transmission is connection-based which means that a connection between the computers is established and maintained for the duration of the request. This allows for a reliable transmission, as the connection can be used to ensure that the packets all get to the right place. A TCP connection allows the two computers to remain in constant communication to ensure that the data is sent at an acceptable speed, and that any lost data is re-sent. With UDP, the opposite is true; packets of data are essentially thrown at the receiving computer -- if it can't keep up then that's its problem (this is why a video transmission over something like Skype can be pixelated if the connection is bad). What this means is that TCP would usually be chosen for situations where accuracy is favored over speed (e.g. file transfer, or loading a webpage), and UDP would be used in situations where speed is more important (e.g. video streaming). With a protocol selected, the transport layer then divides the transmission up into bite-sized pieces (over TCP these are called segments, over UDP they're called datagrams), which makes it easier to transmit the message successfully.
Wireless infrastructure network
The wireless infrastructure uses connectivity devices to distribute the signal over the intended coverage area. Wireless Access Points (WAPs) can be used to create or extend the coverage area. WAPs should be centrally placed to provide even coverage to the nodes. Multiple APs can be used to extend the coverage area.
Satellite
There are close to 5,000 satellites currently orbiting the Earth! They serve various purposes from observation to GPS. Of particular interest to us are the nearly 800 communication satellites. The communication satellites make it possible for us to communicate with nearly every part of the globe delivering data, voice or video. This is made possible by placing the satellites in a geosynchronous orbit, meaning that when viewed from Earth the satellites appear to be stationary. Some communication satellites maintain a geosynchronous orbit above the equator and are called geostationary. This stationary technique allows accurate transmissions between the Earth and the other geosynchronous satellites. Satellite communication relies on line of sight transmission and is subject to physical obstructions like thick storm clouds, a condition known as rain fade. It also has higher latency than other WAN technologies since the signal is transmitted thousands of miles to the satellite then thousands of miles back down.
Crimper
This tool is used to attach the connectors to the cable. Typically, this tool also includes a wire-cutter and wire-stripper. So if you buy a crimp tool, you don't have to buy a wire-cutter and wire-striper separately.
DHCP service
There is no doubt that DHCP makes everyone's life easier, from the end user to the network admin. But since nothing is perfect, some of the DHCP services need to be modified in order to ensure seamless operation.
Change management documentation
There will always be changes to your network like hardware, installations, upgrades and software patches. In a well-structured environment, any moves adds or changes to the network will be documented. When any change is necessary you must be sure that anything you do is documented and that there is a fallback procedure to the "last known good" in the event of problems with the latest change.
A, AAAA
These records hold the name-to-address mapping (conversion) for a given host. The A record stores the mapping in IPv4 compliant format while the AAAA record is the IPv6 equivalent.
Third-party/cloud-hosted DNS
Third-party or cloud-based DNS offers several advantages over traditional DNS services. In many cases, it can be more affordable to use cloud-based DNS as it is scalable, resilient, and secure. Administration is simplified. If you opt for a large cloud provider such as Google, you will reap the benefit of reduced latency due to the presence of multiple geographic locations which are available to resolve traffic quickly.
Privileged user agreement
This agreement is applied to employees that have access to Personal health records. This including Doctors and staff. The employee agrees not to disclose any information relative to these records.
On-path / man-in-the-middle
This attack type redirects secure transmissions and captures them in order to obtain information such as passwords. Users may also be redirected to a fraudulent website that looks legitimate but contains links to other malicious sites.
ADSL (Asymmetric DSL)
This is the most common DSL implementation. It offers greater download speeds than the upload speed.
PAT
This is where Port Address Translation (PAT) comes in. Each session between a local host and an Internet host is assigned to an individual TCP port. When the gateway receives traffic intended for the host it knows where to send it.
Utilization
This metric displays the actual throughput versus the bandwidth available.
DMVPN
To support both client-to-site and site-to-site on an enterprise-wide WAN the Dynamic Multipoint VPN (DMVPN) was developed. This technique allows VPN tunnels to be created dynamically on demand. This reduces the need for static site- to site tunnels.
Traffic shaping
Traffic shaping is a technique used on high volume networks to ensure the timely delivery of prioritized traffic and provide optimal performance to the users. The network is managed and optimized to control the type and amount of traffic by prioritizing important traffic. As an example, VoIP traffic will receive a higher priority than standard data.
TCP
Transmission control protocol -connection oriented TCP makes sure the data is put in the right order, and none of it is missing. TCP ensures a reliable connection, checking packets for errors, requesting a "re-transmission" if it detects one. -large packet size -3 way handshake -numbered -1->1
SSL/TLS
Transport Layer Security (TLS) is the successor protocol to SSL (Secure sockets layer). TLS is an improved version of SSL. It works in much the same way as the SSL, using encryption to protect the transfer of data and information. The two terms are often used interchangeably in the industry although SSL is still widely used.
TFTP
Trivial File Transfer Protocol Port 69 Simplified version of FTP. It does not offer features like authentication and remote directory viewing. It is light, fast but insecure.
802.1Q
Trunking A trunk is a point-to-point link between two network devices that carry more than one VLAN. With VLAN trunking, you can extend your configured VLAN across the entire network
IPV6 tunneling
Tunneling aids the transition from IPv4 to IPv6 by allowing IPv6 routers and hosts to communicate with each other over the existing IPv4 infrastructure. To accomplish these IPv6 datagrams are encapsulated within IPv4 packets and travel on the IPv4 network. The IPv6 datagram is extracted by the IPv6 destination device.
Internal DNS vs. External DNS
Typically a company will have two DNS servers, one internal and one external. The external DNS server will be placed in the DMZ and will only provide access to public services like a web server or VPN. The internal DNS serves the domain and is inaccessible from the Internet. Internal hosts requiring Internet communication or external resolution will have their requests forwarded from the internal DNS server to the external DNS server.
APC vs UPC
Ultra Physical Contact Connectors (UPC) represents a finer polish on the fiber PCC connection allowing for more reliable signaling with less loss. The APC (Angled Physical Contact Connector) is used in installations where very little (ORL) Optical Return Loss is tolerated. By very little, we mean no more than 0.0001% of the signal is lost. This is achieved using an 8-degree angled design on the cable ends making the air gap more diagonal and allowing for tighter connections.
UTM appliance
Unified threat management (UTM) provides multiple security features and services in a single device or service on the network, protecting users from security threats in a simplified way. UTM includes functions such as anti-virus, anti-spam, content filtering, and web filtering.
OSI
Used to demonstrate theory behind computer networking. Consists of 7 layers: 7. Application - app interface 6. Presentation - formatting data, translation and interpretation 5. Session - connection management 4. Transport - TCP/UDP management 3. Network - IP routing 2. Data Link - MAC and LLC 1. Physical - material (signals/cabling)
UDP
User datagram protocol -connectionless It is part of the TCP/IP suite of protocols used for data transferring. UDP is known as a "stateless" protocol, meaning it doesn't acknowledge that the packets being sent have been received. -small packet size -no error recovery -can be broadcast
Transceiver/Duplex/speed mismatch
Using a switch that supports modular interfaces allows you to tailor the number and type of connections your network requires. Many switches support hot-swapping each modular interface allowing easy upgrades. Existing Ethernet interfaces can be upgraded to fiber using transceivers. Each connection will use matched pairs of transceivers that support the same speed and duplexing capabilities to avoid Transceiver, speed and duplex mismatches. These conditions contribute to network bottlenecks.
Tone generator & probe
Using a tone generator and probe, cables can be traced and followed end to end through some seemingly impossible bundles. One device is useless without the other. In operation one wire has a tone applied to it at a frequency readable by the probe, it will produce an audible signal. This assures that if you have tone on your cable at the destination, it's the right one.
VLAN hopping
VLAN hopping is an attack that exploits the way VLANs are tagged. In this attack, the hacker sends transmissions to the switch that appear to be a part of the protected VLAN. Hackers are then free to travel across VLANs in order to gain sensitive information. Attackers can modify the VLAN tag by double tagging it or by spoofing the switch into thinking this is a trunk.
VLSM
Variable length subnet mask So far creating subnets was a matter of dividing the new subnets into smaller equal portions. In practice, this could prove to be an inefficient approach as some subnets may waste addresses while others may need more. Variable Length Subnet Masks (VLSM) was developed to allow subnets to be further divided to more efficiently match the needs of the network. You create the largest subnet first then "subnet the subnet" from there.
Video surveillance
Video surveillance, in the form of closed-circuit TV (CCTV), has greatly reduced the manpower needed to visually monitor protected areas. Strategically placed video cameras can cover areas that once required physical surveillance. The video cameras send their imaging to a central monitoring station, enabling security personnel to view and record activity throughout the entire coverage area(s). The video camera can connect to the central monitoring station using a coaxial cable or through the existing network. Regardless of the connection method used, remember that these cameras can be motion activated or can remain on at all times. As a rule, all video should be recorded and saved.
VNC
Virtual Network Computer or VNC is a graphical desktop sharing program that allows you to control another computer remotely. This tool transmits the keyboard and mouse movements on your computer to a remote system and responds with graphical screen updates. All this communication takes place over a network. 5900 is the default port for VNC. VNC is an open protocol, and this allows for the seamless interoperation between software packages of different vendors.
VPN
Virtual Private Networks (VPN) provide a secure, private, encrypted, host-to-host connection called a tunnel. The tunnel is established between a host and a network server in a client to site configuration or as a site to client tunnel.
WPA
WPA (Wireless Protected Access) was developed in order to increase security and dynamically create new keys for every transmission. WPA uses TKIP (Temporal Key Integrity Protocol) which utilizes the RC4 (Rivest Cipher 4) stream cipher. Each packet gets a unique 128-bit key.
Network configuration and performance baselines
We have established the network configuration using logical and physical diagrams. An important method of analyzing your network's performance is by using a performance baseline. Once established the baseline allows you to compare your current performance metrics like throughput and response time against those of the baseline. Baselines allow you to analyze your network's performance against previous baselines. Your network will experience higher demand based on the time of day, day of the week or even longer periods. Knowing your network utilization will help you spot problems or plan for events that will increase demand.
Password policy
Weak, and compromised passwords are a primary threat to our system security. Your company will have a clear password policy that covers the length of the password, and the specifications for the character types that must be used. There will be a list of dos and don'ts. Do not divulge your password to anyone, be they a co-worker or your superior. Don't leave the password written down and stored in your office. The length and complexity of your password are important, and it is equally important to safeguard your password.
Content filtering
Web content filtering is the practice of blocking access to web content that may be deemed offensive, inappropriate, or even dangerous.
DRDoS
What is DrDoS? DrDoS stands for Distributed Reflection Denial of Service attack. DrDoS techniques usually involve multiple victim machines that unwittingly participate in a DDoS attack on the attacker's target. Requests to the victim host machines are redirected, or reflected, from the victim hosts to the target.
WAN
When a group of LANs covers a large geographical area it is called a WAN (Wide Area Network). Consider the Internet as the largest WAN.
Packet drops
When a packet is dropped it must be retransmitted. This takes a toll on network performance that increases as long as the condition exists.
Role separation
When an account is created, it should only give the user the minimum privileges and permissions necessary to perform their duties. RBAC (role-based access control) can be used to create user groups with specific capabilities. A user can be assigned to one or more groups as needed unless role separation is enforced. Role separation restricts users to only one group. If a user belongs to more than one group, they will not be able to perform the tasks of any of their groups
Incident response policies
When an incident occurs the actions to be taken are laid out clearly in the Incident Response Policy. The document will contain the preparatory information the response team will need to act. The detection methods and threat authentication process is defined. The impact of an incident is quickly contained and further problems are prevented.
Scope options
When configuring a DHCP server, it is also necessary to provide additional information to the clients. In addition to the address, the client needs the default gateway address, a primary and secondary DNS server address, and the length of time the address is leased to the client. Known as lease time, this field is a variable time value that once expired, the IP address will be returned from the client back into the address pool for reissue.
Bad port
When diagnosing a connection issue always check the network adapter the connection LED status indicators You can use a loopback plug to diagnose a bad port or failed adapter. It is possible that the port has bent pins creating intermittent connections or no connection at all.
Backups
When planning backups, you need to know what needs to be backed up and how often it should be backed up. We cover four backup types here: Full backups back up everything each time it is performed. Differential backups back up everything that has changed since the last full backup. Incremental backups back up everything that has changed since the last backup. Snapshots can't replace the backup types outlined above. They are very useful for frequently used files. The snapshots are taken frequently, even while the files are being modified. Consider it as a frequent incremental backup.
Session
When the session layer receives the correctly formatted data from the presentation layer, it looks to see if it can set up a connection with the other computer across the network. If it can't then it sends back an error and the process goes no further. If a session can be established then it's the job of the session layer to maintain it, as well as co-operate with the session layer of the remote computer in order to synchronize communications. The session layer is particularly important as the session that it creates is unique to the communication in question. This is what allows you to make multiple requests to different endpoints simultaneously without all the data getting mixed up (think about opening two tabs in a web browser at the same time)! When the session layer has successfully logged a connection between the host and remote computer the data is passed down to Layer 4: the transport Layer.
Static routing
When using static routing a network administrator specifies the paths between networks in the routing table. This is efficient and has low overhead, but it cannot compensate for network failures without manual intervention.
Verify full system functionality and, if applicable, implement preventive measures
When you are satisfied with the repairs have the user run through some typical functions to ensure functionality. Take the time to review the situation and take preventative measures if necessary.
Virtual IP
When you look at server clustering and load balancing you will see it is important to manage the network load on the servers. Server clustering allows a group of servers to work together while appearing as a single virtual IP address.
Static
When you manually set the IP address it is known as a static IP address. Statically assigned addresses are used when servers, printers, and other network devices need to be consistently available to the network nodes at the same address. Static addressing increases administrative overhead but is necessary for devices that provide network services. Otherwise, DHCP is the preferred method.
66 block / 110 block
Where copper cabling needs to be interconnected you will find at least one Intermediate distribution frame (IDF) or punchdown block in the network or telco closet the IDF comes in two types the 66 block or the 110 block. They are called punchdown blocks because of the way you connect the wires. Your wire is placed in each pin on the block. When seated properly a punchdown tool is used to drive the wire into the pin and cut off the excess
SIP trunk
Where there is an existing broadband connection SIP (Session Initiation Protocol) trunking can use VoIP to create virtual circuits supporting multiple VoIP calls using all available bandwidth. SIP trunking is an economical alternative to the T1 PRI.
WiFi Analyzers
WiFi Analyzers can be used to discover a problem, and more importantly, optimize the performance of your WiFi network. They range from the simplest "How many bars are you getting?" to multicolor spectrum analysis of the wireless environment. Suffice to say that this tool is a useful diagnostic. It is available for free from your wireless provider's site and will run on your smartphone. Keep in mind that wireless signals are measured in dBm and is always expressed as a negative value, making -25 dBm a stronger signal than -90 dBm. Use these devices to avoid channel overlap
Deauthentication
Wireless clients must authenticate with a wireless access point. There are times when this authentication can be revoked. For example, if the AP is overloaded, some users may be deauthenticated (knocked off). This requires them to log back onto the network. The deauthorization process can be broadcasted, prompting the user to resend their login credentials and other information in order to log back in. This data can be collected and used to cause damage.
Wireless Mesh
Wireless mesh networks can be connected with or without wireless routers and gateways. This configuration is best deployed in a static environment. Network devices can be used to support more connections. Movement of nodes triggers routing updates to all which create network congestion.
WEP
Wireless network traffic can be seen and captured. WEP (Wired Equivalent Privacy) was the original encrypted WiFi protocol. WEP is not very strong. A WEP connection could be decoded, with software that can be easily found, within minutes. WEP has some shortcomings, for example, the same static network key is used on all clients. This key can only be changed manually.
Software-defined networking
With our networking environment consisting of both virtual and physical network management and even the creation of new networks represents quite a challenge. SDN (software-defined networking) centralizes the control of data flow by using software. In this process determinations that were traditionally handled by routers and switches, are now handled by the SDN controller. The SDN controller integrates the functions of device configuration and device management into a single software interface. This simplifies device management as every physical or virtual device can be accessed, monitored and configured. The software interface or dashboard allows administrators to control devices simultaneously as a group, making it a clear alternative to individual device access. SDN will play a major role in Cloud technologies.
VoIP PBX
You will often see a dedicated telephony switch called a VOIP PBX that handles all internal VoIP communications while handling the external VoIP traffic through the VoIP gateway.
Z-Wave
Z-Wave is a smart home protocol used for command and control functions in the home. To receive and distribute data and commands a Z-Wave controller (or hub) is used. Z-Wave transmissions have a range of 100 meters per hop by using repeaters with the limitation of four hops. The controlled devices themselves can serve as repeaters in a Z-Wave mesh network. This configuration allows for mapping and route selection based on latency.
Port mirroring
also known as SPAN (Switched Port Analyzer) a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packet can be analyzed.
Distance-vector routing protocols
can use metrics as simple as the number of hops or they can calculate the latency and congestion. Neighboring routers can exchange this route information with each other. The protocols rely heavily on the routes they receive because they can't measure network conditions more than two hops away. -RIP -EIGRP
cable standards chart
cat3 - 10Mbps - 100m cat5 - 100Mbps - 100m cat5e - 1Gbps - 100m cat6 - 10Gbps - 100m cat6e - 10Gps - 100m cat 7 - 10Gbps - 100m
classful vs classless ip addressing
classful vs classless ip addressing - 2 concepts to approaching ip addresses classful = network portion follows the rules of the network classes (a,b,c...) ip addresses have 3 parts (network, subnet, host) a = 1st octet b = 1&2 octets c = 1-3 octets classless = breaking boundaries of classful ip addresses have only two parts: combines network/subnet portion into just subnet host portion
cidr
classless inter-domain routing (prefix notation) cidr = a way to adminster ip addresses, efficient notation style tells how many networks(1s) and hosts(0s) bits example 255.255.255.240/28 = 1111 1111 . 1111 1111 . 1111 1111 . 1111 0000 class a = /8 class b = /16 class c = /24
iptables
iptables is a firewall program for Linux. It will monitor traffic from and to your server using tables. These tables contain sets of rules, called chains, that will filter incoming and outgoing data packets.
latency
measurement of time delay between input and output
Unicast
message is only sent to one station on the network
Multicast
messages are sent to a group of stations
Broadcast
messages are sent to all stations in the network
T1/T3 - E1/E3 numbers
network - channels - line rate T1 - 24 channels @ 64Kbps each - 1.544Mbps E1 - 32 channel @ 64 Kbps each - 2.048Mbps T3 - 28 T1 circuits 672 channels - 44.736Mbps E3 - 16 E1 circuits 512 channels - 34.368Mbps
nslookup
nslookup is a network administration command-line tool for querying the Domain Name System to obtain domain name or IP address mapping, or other DNS records.
H.323
port 1720 defines the protocols to provide audio-visual communication sessions on any packet network
Telnet
port 23 It provides a functional command prompt on the remote host. These are plaintext communication channels making them subject to interception.
Mac address table
sometimes called a Content Addressable Memory (CAM) table, is used on Ethernet switches to determine where to forward traffic on a LAN based of mac addresses associated with ports.
802.11 standards
standard - frequency - rated throughput - range a - 5GHz - 54Mbps - 100m b - 2.4GHz - 11Mbps - 50m g - 2.4GHz - 54Mbps - 100m n - 2.4 or 5GHz - 600Mbps - indoor 70m outdoor 250m ac wave 1 (3 data streams) - 5GHz - 1.3Gbps - indoor 70m outdoor 250m ac wave 2 (4 data streams) - 5GHz - 3.47Gbps - indoor 70m outdoor 250m ac wave 3 (8 data streams) - 5GHz - 6.93Gbps - indoor 70m outdoor 250m
subnet mask
subnet mask = enable routers to determine the network and host portions of an ip address accompanies ip address network portion = 1s (always consecutive) host portion = 0s when subnetting is not used: default subnet mask a = 255.0.0.0 b = 255.255.0.0 c = 255.255.255.0 when subnetting is used: you dont always steal an entire octet of host portion, only a portion sometimes this is where cidr(classless inter-domain routing) comes in
subnetting
subnetting enables us to divide classful networks into smaller networks take bits from the host portion to create the subnet portion router considers the network and subnet portions when routing
tcpdump
tcpdump is a command-line utility that you can use to capture and inspect network traffic going to and from your system. It is the most commonly used tool among network administrators for troubleshooting network issues and security testing. tcpdump also gives us a option to save captured packets in a file for future analysis. It saves the file in a pcap format, that can be viewed by tcpdump command or a open source GUI based tool called Wireshark (Network Protocol Analyzier) that reads tcpdump pcap format files.
Bandwidth
theoretical maximum amount of data that can pass through the network at any given time
VLAN
virtual local area network a way of splitting up traffic on the same physical network into multiple networks. help with network management, by subdividing the network, administrators can manage the network much more easily. Imagine setting up two separate LANs, each with their own router and Internet connection, in the same room. VLANs are like that, but they are divided virtually using software instead of physically using hardware — only one router with one Internet connection is necessary.